2193 matches found
Debian DSA-1062-1 : kphone - insecure file creation
Sven Dreyer discovered that KPhone, a Voice over IP client for KDE, creates a world-readable configuration file, which could leak sensitive information like SIP passwords.
DEBIAN-CVE-2006-5214
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession...
OpenSSL SSL_get_shared_ciphers() vulnerable to buffer overflow
Overview: A buffer overflow vulnerability in an OpenSSL library function could allow a remote attacker to execute code on an affected system. Description: The OpenSSL toolkit implements the Secure Sockets Layer (SSL) versions 2 and 3 and Transport Layer Security (TLS) version 1 protocols as well as a...
AuditWizard information leak
Administrator password is logged into world-readable log file...
VMware ESX Server management interface logs passwords in cleartext in a world-readable file
Overview: Certain versions of VMware ESX Server store passwords in a cleartext file that all users have read permissions to. Description: Per the VMware ESX Server datasheet: ESX Server installs directly on the server hardware, or “bare metal,” and inserts a robust virtualization layer between the...
CVE-2006-3495
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users...
Mercury Messenger
Problem description: Mercury Messenger, http://www.mercury.to/, is a Java-based messenger that will allow its users to chat with MSN users. Currently it has been noted by two people that on a multi-user OS X platform it is possible to read the chat logs from other users. The user specific...
Weak Mercury Messenger permissions
Chat log directory is world-readable...
CVE-2006-3669
Mercury Messenger, possibly 1.7.1.1 and other versions, when running on a multi-user Mac OS X platform, stores chat logs with world-readable permissions within the /Users directory, which allows local users to read the chat logs from other users...
CVE-2006-2752
The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc RedCarpet password...
Design/Logic Flaw
The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc RedCarpet password...
Mandrake Linux Security Advisory : kphone (MDKSA-2006:089)
Kphone creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords. Packages have been patched to correct this issue.
CVE-2006-2614
Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 records system passwords in the world-readable scripts (1) /cr/hdjobsdb.sh, (2) /cr/hdplancheckin.sh, and (3) /cr/oracleplancheckin.sh, which allows local users to obtain System Manager passwords...
DSA-1062-1 kphone - insecure file creation
Bulletin has no description...
CVE-2006-2442
kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords...
Design/Logic Flaw
kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords...
CVE-2006-2443
The Debian package of knowledgetree 2.0.7 creates environment.php with world-readable permissions, which allows local users to obtain sensitive information such as the username and password for the KnowledgeTree database...