20 matches found
EUVD-2006-0843
Malware in sbrugna...
Design/Logic Flaw
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. NOTE: IBM has private...
CVE-2006-1210
The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. NOTE: IBM has privately confirmed to CVE that a fix is available for these...
Design/Logic Flaw
The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. NOTE: IBM has privately confirmed to CVE that a fix is available for these...
CVE-2006-1211
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. NOTE: IBM has private...
CVE-2006-1211
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. NOTE: IBM has private...
CVE-2006-1211
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 is vulnerable: it configures a MySQL database to allow connections from any source IP address using the ns account, enabling remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. The note indica...
CVE-2006-1210
The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. NOTE: IBM has privately confirmed to CVE that a fix is available for these...
CVE-2006-1210
The CVE-2006-1210 issue affects IBM Tivoli Netcool/NeuSecure 3.0.236, where the web interface stores the MySQL username and password in cleartext within body.phtml, allowing remote attackers to gain privileges by reading the source. Root cause: credentials exposed in the web page source. Impact: ...
Netcool NeuSecure Security information management platform multiple security vulnerabilities
Weak file permissions, cleartext passwords, passwords logging...
[Full-disclosure] Remote access to NeuSecure/Netcool backend database via web interface credentials leakage
-= DDSi Security Report =- March 8th, 2006 --------------------------------------------------------------------------------------------------------- Another credentials leak was found in Netcool/NeuSecure Security Information Management platform which leads to remote backend database access with...
Code injection
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for 1 /etc/neusecure.conf, 2 /opt/NeuSecure/etc/cms-3.0.236.buildconf, and 3 /opt/NeuSecure/bin/nsarchiver.log, which allows local users to read sensitive information such as passwords. NOTE: IBM has privately confirmed...
CVE-2006-0838
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the 1 CMSDBPASS, 2 CMSMDBPASS, and 3 RPTDBPASS fields in /etc/neusecure.conf, and in 4 /opt/NeuSecure/bin/nsarchiver.log, which allows local users to gain privileges. NOTE: IBM has privately confirmed to CVE that a fix i...
Code injection
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the 1 CMSDBPASS, 2 CMSMDBPASS, and 3 RPTDBPASS fields in /etc/neusecure.conf, and in 4 /opt/NeuSecure/bin/nsarchiver.log, which allows local users to gain privileges. NOTE: IBM has privately confirmed to CVE that a fix i...
CVE-2006-0837
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for 1 /etc/neusecure.conf, 2 /opt/NeuSecure/etc/cms-3.0.236.buildconf, and 3 /opt/NeuSecure/bin/nsarchiver.log, which allows local users to read sensitive information such as passwords. NOTE: IBM has privately confirmed...
CVE-2006-0837
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for 1 /etc/neusecure.conf, 2 /opt/NeuSecure/etc/cms-3.0.236.buildconf, and 3 /opt/NeuSecure/bin/nsarchiver.log, which allows local users to read sensitive information such as passwords. NOTE: IBM has privately confirmed...
CVE-2006-0837
Affected product: IBM Tivoli Netcool/NeuSecure 3.0.236. Issue: world-readable permissions on (1) /etc/neusecure.conf, (2) /opt/NeuSecure/etc/cms-3.0.236.buildconf, and (3) /opt/NeuSecure/bin/ns_archiver.log, enabling local users to read sensitive information such as passwords. Impact: local infor...
CVE-2006-0838
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in /etc/neusecure.conf (CMS_DBPASS, CMSM_DBPASS, RPT_DBPASS) and in /opt/NeuSecure/bin/ns_archiver.log, enabling local users to gain privileges. The issue is a configuration/password storage vulnerability affecting local pr...
CVE-2006-0838
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the 1 CMSDBPASS, 2 CMSMDBPASS, and 3 RPTDBPASS fields in /etc/neusecure.conf, and in 4 /opt/NeuSecure/bin/nsarchiver.log, which allows local users to gain privileges. NOTE: IBM has privately confirmed to CVE that a fix i...
[Full-disclosure] Password disclosure and remote access in Netcool/NeuSecure Security information management platform
Multiple security information disclosure paths and remote access Netcool/NeuSecure Security information management platform . Cleartext-storage of passwords in the configuration file Cleartext reporting of user password in the log Default backend Mysql database user and remote access. Laxed...