88 matches found
ATutor cross-site scripting vulnerability
Overview ATutor, an open source e-learning content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Authentication information could be stolen as a result. Solution None...
Buffalo router configuration management interface vulnerable to remote access and password leakage
Overview Some Buffalo routers have a vulnerability that could allow remote access from the WAN side. A remote attacker could exploit this vulnerability to manipulate a router by gaining administrative privileges. By accessing the management interface, a remote attacker could also obtain user's...
WinWebMail 3.7.3 - IMAP Login Data Handling Denial of Service
source: https://www.securityfocus.com/bid/28721/info WinWebMail is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied input. Remote attackers can exploit this issue to crash the server and deny service to legitimate users. Given the...
sparkassen-xss.txt
The "Sparkassen-Finanzgruppe" with a transaction volume of over 3.300 billion euro is one of the largest banks for private customers in germany. Many local member-banks of the group use the online banking portal provided by sfze http://www.sfze.de/, a subsidiary company of Sparkassen-Finanzgruppe...
CVE-2005-1055
TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the dat/login file...
CVE-2005-1055
TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the dat/login file...
CVE-2002-0259
InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in 1 .pwd files in the miniportal/apache directory, or 2 mplog.txt, which could allow local users to gain privileges...
RealServer G2 Malformed Telnet Data Remote Overflow
If a user sends an oversized login / password combination to the administrative server of a RealServer G2, it will overflow the server's buffer. An attacker can use this flaw to execute arbitrary code on the remote system. C Tenable Network Security, Inc. Original exploit code : see...