Ubuntu: Security Advisory (USN-1230-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EMC Data Protection Advisor information leakage

Cleartext passwords are stored in user readable files...

HP OpenView Network Node Manager Toolbar.exe CGI Cookie Handling Buffer Overflow

This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.0 and 7.53. By sending a CGI request with a specially OvOSLocale cookie to Toolbar.exe, an attacker may be able to execute arbitrary code. Please note that this module only works against a specific build i.e. NNM...

Nmap NSE net: nfs-ls

Attempts to get useful information about files from NFS exports. The output is intended to resemble the output of 'ls'. The script starts by enumerating and mounting the remote NFS exports. After that it performs an NFS GETATTR procedure call for each mounted point in order to get its ACLs. For...

Default credentials

Oracle Solaris 8, 9, and 10 stores back-out patch files undo.Z unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks...

CVE-2011-0178

The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory...

Gentoo Security Advisory GLSA 201101-07 (Prewikka)

The remote host is missing updates announced in advisory GLSA 201101-07. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Code injection

Cisco Unified Videoconferencing UVC System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover encrypted passwords by reading this file, aka Bug ID CSCti54043...

CVE-2010-2241

The 1 setup-ds.pl and 2 setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts...

redhat-ds: setup script insecure .inf file permissions

The 1 setup-ds.pl and 2 setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts...

Bugzilla 'localconfig' Information Disclosure Vulnerability

Bugzilla is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:bugzilla";...

CVE-2010-2470

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when usesuexec is enabled, uses world-readable permissions within 1 .bzr/ and 2 data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability...

Design/Logic Flaw

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when usesuexec is enabled, uses world-readable permissions within 1 .bzr/ and 2 data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability...

CVE-2010-2470

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when usesuexec is enabled, uses world-readable permissions within 1 .bzr/ and 2 data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability...

CVE-2010-0180

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when usesuexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the sitewidesecret field...

DEBIAN-CVE-2010-2058

setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password...

CVE-2010-2058

setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password...

Design/Logic Flaw

setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password...

CVE-2010-2058

setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password...

UBUNTU-CVE-2010-2058

setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password...