20 matches found
EUVD-2006-0843
Malware in sbrugna...
CVE-2006-1210
The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. NOTE: IBM has privately confirmed to CVE that a fix is available for these...
Design/Logic Flaw
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. NOTE: IBM has private...
CVE-2006-1211
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. NOTE: IBM has private...
Design/Logic Flaw
The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. NOTE: IBM has privately confirmed to CVE that a fix is available for these...
CVE-2006-1210
The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. NOTE: IBM has privately confirmed to CVE that a fix is available for these...
CVE-2006-1211
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. NOTE: IBM has private...
CVE-2006-1211
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 is vulnerable: it configures a MySQL database to allow connections from any source IP address using the ns account, enabling remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. The note indica...
CVE-2006-1210
The CVE-2006-1210 issue affects IBM Tivoli Netcool/NeuSecure 3.0.236, where the web interface stores the MySQL username and password in cleartext within body.phtml, allowing remote attackers to gain privileges by reading the source. Root cause: credentials exposed in the web page source. Impact: ...
[Full-disclosure] Remote access to NeuSecure/Netcool backend database via web interface credentials leakage
-= DDSi Security Report =- March 8th, 2006 --------------------------------------------------------------------------------------------------------- Another credentials leak was found in Netcool/NeuSecure Security Information Management platform which leads to remote backend database access with...
Netcool NeuSecure Security information management platform multiple security vulnerabilities
Weak file permissions, cleartext passwords, passwords logging...
Code injection
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for 1 /etc/neusecure.conf, 2 /opt/NeuSecure/etc/cms-3.0.236.buildconf, and 3 /opt/NeuSecure/bin/nsarchiver.log, which allows local users to read sensitive information such as passwords. NOTE: IBM has privately confirmed...
Code injection
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the 1 CMSDBPASS, 2 CMSMDBPASS, and 3 RPTDBPASS fields in /etc/neusecure.conf, and in 4 /opt/NeuSecure/bin/nsarchiver.log, which allows local users to gain privileges. NOTE: IBM has privately confirmed to CVE that a fix i...
CVE-2006-0837
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for 1 /etc/neusecure.conf, 2 /opt/NeuSecure/etc/cms-3.0.236.buildconf, and 3 /opt/NeuSecure/bin/nsarchiver.log, which allows local users to read sensitive information such as passwords. NOTE: IBM has privately confirmed...
CVE-2006-0838
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the 1 CMSDBPASS, 2 CMSMDBPASS, and 3 RPTDBPASS fields in /etc/neusecure.conf, and in 4 /opt/NeuSecure/bin/nsarchiver.log, which allows local users to gain privileges. NOTE: IBM has privately confirmed to CVE that a fix i...
CVE-2006-0838
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the 1 CMSDBPASS, 2 CMSMDBPASS, and 3 RPTDBPASS fields in /etc/neusecure.conf, and in 4 /opt/NeuSecure/bin/nsarchiver.log, which allows local users to gain privileges. NOTE: IBM has privately confirmed to CVE that a fix i...
CVE-2006-0837
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for 1 /etc/neusecure.conf, 2 /opt/NeuSecure/etc/cms-3.0.236.buildconf, and 3 /opt/NeuSecure/bin/nsarchiver.log, which allows local users to read sensitive information such as passwords. NOTE: IBM has privately confirmed...
CVE-2006-0838
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in /etc/neusecure.conf (CMS_DBPASS, CMSM_DBPASS, RPT_DBPASS) and in /opt/NeuSecure/bin/ns_archiver.log, enabling local users to gain privileges. The issue is a configuration/password storage vulnerability affecting local pr...
CVE-2006-0837
Affected product: IBM Tivoli Netcool/NeuSecure 3.0.236. Issue: world-readable permissions on (1) /etc/neusecure.conf, (2) /opt/NeuSecure/etc/cms-3.0.236.buildconf, and (3) /opt/NeuSecure/bin/ns_archiver.log, enabling local users to read sensitive information such as passwords. Impact: local infor...
[Full-disclosure] Password disclosure and remote access in Netcool/NeuSecure Security information management platform
Multiple security information disclosure paths and remote access Netcool/NeuSecure Security information management platform . Cleartext-storage of passwords in the configuration file Cleartext reporting of user password in the log Default backend Mysql database user and remote access. Laxed...