992 matches found
CVE-2004-1171
KDE 3.2.x and 3.3.0–3.3.2 store saved credentials (entered by user or via SMB handler) in plaintext in the user’s .desktop file, which may be world-readable and allow local users to obtain usernames/passwords for remote resources (e.g., SMB shares). Affected components include KDE core libraries ...
CVE-2004-1171
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are 1 manually entered by the user or 2 created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to...
CVE-2002-1479
Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php with world-readable permissions. This allows local users to modify databases as the Cacti user and potentially gain privileges. Affected product: Cacti (versions prior to 0.6.8). Root cause: credentials stored in p...
CVE-2002-1479
Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges...
Trillian Pro 2.01 - Design Error
Trillian Pro 2.01 - Design Error Trillian Pro Design Error Vendor: Cerulean Studios Product: Trillian Pro Version: !-- var username; username='plaintextusernamehere'; var password; password='plaintextpasswordhere'; function submit document.getEl...
CVE-2003-1476
Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access...
Planet WGSD-1020
Добрый день! Не знаю, может кто уже присылал... В свитчах Planet WGSD-1020 есть закладка. Пользователь superuser с паролем planet. В пользовательском интерфейсе он нигде не упоминается, но его видно в файле конфигурации кстати, несмотря на то, что файл конфигурации бинарный, имена и пароли там...
DWebPro 3.4.1 - Http.ini Plaintext Password Storage
DWebPro 3.4.1 - Http.ini Plaintext Password Storage source: https://www.securityfocus.com/bid/8438/info A vulnerability has been reported to exist in the DWebPro web server software. This problem allows an attacker to view database authentication credentials by accessing a plain text file named...
CVE-2003-0329
CesarFTP 0.99g stores user names and passwords in plaintext in the settings.ini file, which could allow local users to gain privileges...
CVE-2003-0342
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, stores user names and passwords in plaintext in the blackmoon.mdb file, which can allow local users to gain privileges...
CVE-2003-0329
CesarFTP 0.99g stores user names and passwords in plaintext in the settings.ini file, which could allow local users to gain privileges...
CVE-2002-1479
Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges...
CVE-2002-1479
Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges...
PT-2003-1215 · Cacti · Cacti
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 0.6.8 Description: The issue allows local users to access a MySQL username and password stored in plaintext in the config.php file, which has world-readable permissions. This could enable users to modify databases as t...
EZ Publish 2.2.73.0 - site.ini Information Disclosure
EZ Publish 2.2.73.0 - site.ini Information Disclosure source: https://www.securityfocus.com/bid/7347/info eZ Publish has been reported prone to sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying site.ini configuration file. The file...
Web Wiz Site News 3.6 - Information Disclosure
Web Wiz Site News 3.6 - Information Disclosure source: https://www.securityfocus.com/bid/7341/info Web Wiz Site News has been reported prone to sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying Access database file that is used by the...
Web Wiz Site News 3.6 - Information Disclosure
source: https://www.securityfocus.com/bid/7341/info Web Wiz Site News has been reported prone to sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying Access database file that is used by the Site News appplication. Site News administration...
Ocean12 ASP Guestbook Manager 1.0 - Information Disclosure
source: https://www.securityfocus.com/bid/7328/info Ocean12 Guestbook Manager has been reported prone to sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying Access database file that is used by the Guestbook Manager. Guestbook...
Ocean12 ASP Guestbook Manager 1.0 - Information Disclosure
Ocean12 ASP Guestbook Manager 1.0 - Information Disclosure source: https://www.securityfocus.com/bid/7328/info Ocean12 Guestbook Manager has been reported prone to sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying Access database file...
CuteCast 1.2 - User Credential Disclosure
CuteCast 1.2 - User Credential Disclosure source: https://www.securityfocus.com/bid/6127/info It has been reported that the default configuration of CuteCast is insecure. According to the report, CuteCast stores user information in a publicly accessible directory. This includes plaintext...