System: insecure config file permissions

Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files...

CVE-2008-2367

Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files...

CVE-2008-2367

CVE-2008-2367 affects Red Hat Certificate System 7.2. The root cause is insecure default file permissions on configuration files (e.g., password.conf) allowing local attackers to read sensitive credentials. Connected advisories note remediation via updated packages for Red Hat Certificate System ...

CVE-2008-2367

Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files...

dovecot: ssl_key_password disclosure due to an insecure dovecot.conf permissions

dovecot 1.0.7 in Red Hat Enterprise Linux RHEL 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the sslkeypassword parameter value...

System: insecure config file permissions

Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files...

openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5900)

The Mozilla Thunderbird E-Mail client was updated to version 2.0.0.19. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the...

Gentoo Security Advisory GLSA 200812-16 (dovecot)

The remote host is missing updates announced in advisory GLSA 200812-16. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CUPS 1.3.8-4 - Local Privilege Escalation

CUPS 1.3.8-4 - Local Privilege Escalation / cve-2008-5377.c CUPS http://jon.oberheide.org Usage: $ gcc cve-2008-5377.c -o cve-2008-5377.c $ ./cve-2008-5377 $ id uid=0root gid=1000vm ... Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5377 pstopdf in CUPS 1.3.8 allows local use...

DEBIAN-CVE-2008-4870

dovecot 1.0.7 in Red Hat Enterprise Linux RHEL 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the sslkeypassword parameter value...

CVE-2008-4870

dovecot 1.0.7 in Red Hat Enterprise Linux RHEL 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the sslkeypassword parameter value...

Design/Logic Flaw

dovecot 1.0.7 in Red Hat Enterprise Linux RHEL 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the sslkeypassword parameter value...

CVE-2008-4870

dovecot 1.0.7 in Red Hat Enterprise Linux RHEL 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the sslkeypassword parameter value...

Read Address Book

Added: 10/07/2008 Background This tool attempts to gather e-mail addresses from Outlook and Outlook Express address book files .WAB, .PAB on the target. Limitations A connection to the target is required to run this tool. Recent versions of Microsoft Outlook no longer store address books locally ...

Gentoo Security Advisory GLSA 200409-10 (multi-gnome-terminal)

The remote host is missing updates announced in advisory GLSA 200409-10. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 200409-10 (multi-gnome-terminal)

The remote host is missing updates announced in advisory GLSA 200409-10. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

FreeBSD Ports: nwclient

The remote host is missing an update to the system as announced in the referenced advisory. VID d177d9f9-e317-11d9-8088-00123f0f7307 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Ports: wine

The remote host is missing an update to the system as announced in the referenced advisory. VID 48a59c96-9c6e-11d9-a040-000a95bc6fae OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

CVE-2008-3395

Calacode @Mail 5.41 on Linux uses weak world-readable permissions for 1 webmail/libs/Atmail/Config.php and 2 webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained...

atmail-disclose.txt

!/usr/bin/perl LEGAL: Permission is granted to freely reproduce this document in its entirety under the condition that the contents are not altered in any way. milw0rm IS permitted to add their standard footer: // milw0rm.com / date Permission to view or reproduce this file is NOT granted to any...