281 matches found
FreePBX 2.5.x - Information Disclosure
Advisory Name: Information disclosure in FreePBX 2.5.x. Internal Cybsec Advisory Id: 2010-0101. Vulnerability Class: Information disclosure. Release Date: 15/01/2010. Affected Applications: Confirmed in FreePBX 2.5.x; other versions may also be affected. Affected Platforms: Any running FreePBX 2.5.x. Loc...
WordPress <= 2.7.1 - Information Disclosure
Because of this vulnerability, attackers can obtain sensitive information by reading the HTML source. Solution: Update WordPress...
Code injection
The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 stores passwords and wireless-network keys in cleartext in (1) passwd.htm and (2) Wsecurity.htm, which allows remote attackers to obtain sensitive information by reading the HTML source code...
CVE-2009-1560
The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 stores passwords and wireless-network keys in cleartext in (1) passwd.htm and (2) Wsecurity.htm, which allows remote attackers to obtain sensitive information by reading the HTML source code...
UBB.threads 5.5.1 (message) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. UBB.threads 5.5.1 (message) Remote SQL Injection Vulnerability. Background: SQL injection has previously...
Authentication flaw
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which...
CVE-2008-1528
Affected: ZyXEL Prestige routers P-660, P-661, P-662 with firmware 3.40(AGD.2)–3.40(AHQ.3). Issue: remote authenticated users can read HTML sources via direct HTTP requests to disclose credentials, e.g., RemMagSNMP.html reveals SNMP communities and WLAN.html reveals WEP keys. Root cause: inadequa...
Default credentials
bbanner.stm (aka the login page) on the Deutsche Telekom Speedport W500 DSL router allows remote attackers to obtain the logon password by reading the pwd field in the HTML source...
CVE-2008-1252
bbanner.stm (aka the login page) on the Deutsche Telekom Speedport W500 DSL router allows remote attackers to obtain the logon password by reading the pwd field in the HTML source...
Default credentials
goform/QuickStartc0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603...
CVE-2007-6702
goform/QuickStartc0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603...
CVE-2007-6702
CVE-2007-6702 affects the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device. The vulnerability exposes a password embedded in the typepassword field, which can be read from the HTML source by remote attackers, enabling password disclosure. The CVSS2 base score is 5.0 (MEDIUM) with netw...
Default credentials
index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action...
CVE-2007-6399
index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action...
CVE-2007-6399
CVE-2007-6399 affects Flat PHP Board 1.2 and earlier. The vulnerability allows remote authenticated users to obtain the current user’s password by reading the password parameter value in the HTML source of the page generated by a profile action. The underlying cause is exposure of the password pa...
CVE-2007-6197
The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page...
Code injection
The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page...
CVE-2007-6197
The CVE-2007-6197 entry affects BEA AquaLogic Interaction Plumtree Portal 5.0.2–5.0.4 and 6.0.1.218452. The root cause is information disclosure via comments in the HTML source of any page, allowing remote attackers to learn version numbers and internal hostnames. Impact is partial confidentialit...
CVE-2007-6197
The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page...
Default credentials
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page...