8378 matches found
Symantec LiveUpdate stores proxy server passwords in plaintext in registry
Overview A vulnerability exists in the way Symantec LiveUpdate stores proxy server passwords which could allow local users to have read access to the key. Description LiveUpdate version 1.5 stores proxy server passwords in clear text in the registry, under...
ArGoSoft FTP Server 1.2.2.2 Weak password encryption
ArGoSoft FTP Server 1.2.2.2 Weak password encryption AFFECTED SYSTEMS ArGoSoft FTP Server 1.2.2.2 DESCRIPTION ArGoSoft FTP Server 1.2.2.2 for win32 is vulnerable to decryption of the password file. As a matter of fact the programmers are aware of this since they have implemented decryption...
Multiple Vulnerabilities In AMLServer
Strumpf Noir Society Advisories ! Public release ! -- -= Multiple Vulnerabilities In AMLServer =- Release date: Monday, June 18, 2001 Introduction: Air Messenger LAN Server is a paging gateway server for MS Windows that allows you to send and recieve messages to a paging network over a TCP/IP LAN...
CVE-2001-1336
CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges...
SpyAnywhere Authentication Bypassing Vulnerabilities
Strumpf Noir Society Advisories ! Public release ! -- -= SpyAnywhere Authentication Bypassing Vulnerabilities =- Release date: Tuesday, May 22, 2001 Introduction: Spytech's SpyAnywhere application is a remote PC monitoring and administration package for the MS Windows OS. SpyAnywhere can be...
CA CCC\Harvest exploit
-= Zero Tolerance Technologies T Security Advisory =- Reference: ZTT-SA01-27032001 Author: Richard Scott, [email protected] Product: Computer Associates' CCCHarvest Source Code control software http://ca.com/products/cccharvest.htm http://ca.com/products/descriptions/cccharvest.pdf...
iplanet calendar server 5.0p2 exposes Netscape Admin Server master password
at the time of writing, 5.0p2 is the currently available revision on iplanet's download site. the problem: the standard install of iPlanet Calendar server stores the NAS LDAP admin username and password in plaintext in the world readable file: -rw-r--r-- 1 icsuser icsgroup 37882 Feb 20 10:18...
ccc_harvest.txt
-= Zero Tolerance Technologies T Security Advisory =- Reference: ZTT-SA01-27032001 Author: Richard Scott, [email protected] Product: Computer Associates' CCC\Harvest Source Code control software http://ca.com/products/cccharvest.htm http://ca.com/products/descriptions/cccharvest.pdf...
CVE-2000-1148
The CVE-2000-1148 entry concerns VolanoChatPro server where configuration file permissions are world-readable and administrator passwords are stored in plaintext. This insecure configuration can allow local users to access sensitive credentials and potentially gain privileges on the server. The v...
CVE-2000-0957
The pluggable authentication module for mysql pammysql before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes...
CVE-2000-1148
The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server...
Seagate Crystal Reports exposes cleartext username/password pairs when embedded in URL or HTTP request
Overview The Seagate Crystal Reports product exposes passwords to back-end databases in certain configurations. In particular, the username and password are transmitted in plaintext from the client browser to the server as part of the URL when using technologies other than Active Server Pages ASP...
CVE-2000-1148
The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server...
CVE-2000-0954
Shambala Server 4.5 stores passwords in plaintext, which could allow local users to obtain the passwords and compromise the server...
CVE-2000-0957
The pluggable authentication module for mysql pammysql before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes...
CVE-2000-1076
Netscape iPlanet Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server...
CVE-2000-1076
Netscape iPlanet Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server...
CVE-2000-0954
Shambala Server 4.5 stores passwords in plaintext, which could allow local users to obtain the passwords and compromise the server...
CVE-2000-0954
Shambala Server 4.5 stores passwords in plaintext, enabling local users to obtain passwords and compromise the server. The provided documents do not specify remediation or affected versions beyond 4.5; exploitation details are not described.
CVE-2000-1076
Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 store the administrative password in plaintext, enabling local and possibly remote attackers to gain administrative privileges. Affected components are the Certificate Management System and Directory Server; the root c...