2219 matches found
CVE-2003-1460
Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information...
CVE-2003-0414
The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile...
Alt-N WebAdmin 2.0.x - Remote File Viewing
source: https://www.securityfocus.com/bid/7438/info Alt-N WebAdmin allows a remote user to access files that they should not be able to access. The remote user can submit an HTTP request that will return the contents of any webserver-readable file on the system. NOTE: The user must have...
CVE-2002-1470
SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable scserv.log file...
DEBIAN-CVE-2002-1479
Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges...
CVE-2002-0377
Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files...
CVE-2002-0120
Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup files and folders when a hotsync is performed, which could allow a local user to obtain sensitive information...
Cedric Email Reader 0.2/0.3 - Skin Configuration Script Remote File Inclusion
source: https://www.securityfocus.com/bid/6818/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is present in the 'email.php' script. Under some circumstances, it is possible fo...
CVE-2002-1892
NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information...
CVE-2002-1711
BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments...
CVE-2002-1970
SnortCenter 0.9.5, when configured to push Snort rules, stores the rules in a temporary file with world-readable and world-writable permissions, which allows local users to obtain usernames and passwords for the alert database servers...
PT-2002-2435 · Mandrake · Mandrake
Name of the Vulnerable Software and Affected Versions: Mandrake versions 8.2 Description: The Standard security setting for the Mandrake-Security package installs home directories with world-readable permissions. This could allow local users to read other users' files. Recommendations: For Mandra...
CVE-2002-1380
Linux kernel 2.2.x allows local users to cause a denial of service crash by using the mmap function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface...
QNX Photon Weak Permissions
Clipboard content is stored in world readable file...
CVE-2002-0849
Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta 1, which could allow local users to gain privileges by reading the cleartext CHAP password...
Mac OS X Finder creates world-readable ".FBCIndex" file thereby disclosing sensitive information
Overview Mac OS X's Find-By-Content indexing may store file data where it can be served to remote users by Apache. Description The Find-By-Content feature of Mac OS X generates indexing data from the contents of files in each directory. It then stores the indexing data for each directory in a...
CVE-2002-0565
Oracle 9iAS 1.0.2.x compiles JSP files in the pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to pages...
CVE-2001-1175
CVE-2001-1175 : In vipw from the util-linux package, before version 2.10, editing /etc/shadow could leave the file world-readable in some cases, enabling local users to more easily perform brute-force password guessing. Supported details in connected docs show Red Hat advisories (RHSA-2001:95, 13...
CVE-2001-1175
vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing...