Pollit CGI-script opens doors!
Description: Bug in PollItSSIv2.0.cgi reveals info. Compromise: Accessing files that aren't in the web-dir. Vulnerable Systems: Pollit v2.0 only tested version. Details: When you run the Pollit CGI script ALL your world readable files could be accessed by any web user, for example your /etc/passwd...
razor.password.txt
Shawn Clifford. This advisory follows the RFP disclosure policy: http://www.wiretrip.net/rfp/policy.html ISSUE: Razor is a configuration management tool, see http://www.razor.visible.com. There is a serious flaw with the Razor password file,...
Flowerfire Sawmill 5.0.21 - File Access
source: https://www.securityfocus.com/bid/1402/info Sawmill is a site statistics package for Unix, Windows and Mac OS. A specially crafted request can disclose the first line of any world readable file for which the full pathname is known, for example /etc/passwd. The output of the request is...
Shiva Access Manager 5.0.0 Plaintext LDAP root password.
In testing Intel's Shiva Access Manager RADIUS/Tacacs+ product, I recently came across an important security hole in the LDAP connectivity on the Solaris platform version of this product. When you configure the S.A.M. to store all of its information in an LDAP directory, it asks that you give it...
CVE-2000-0552
ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information...
Intel Corporation Shiva Access Manager 5.0 - Solaris World Readable LDAP Password
source: https://www.securityfocus.com/bid/1329/info The Shiva Access Manager is a solution for centralized remote access authentication, authorization, and accounting offered by Intel. It runs on Solaris and Windows NT. Shiva Access Manager is vulnerable to a default configuration problem in its...
PT-2000-1487 · Icq · Icqwebmail +1
Name of the Vulnerable Software and Affected Versions: ICQ 2000A. Description: The issue allows local users to obtain sensitive information due to the creation of a world-readable temporary file during login, which is not deleted. This occurs in the ICQwebmail client for ICQ 2000A. Recommendations...
Banner Rotation 01
Description: "Banner rotating 01" is a CGI script distributed for free on several site builder sites, including Hot Area. The script is available on http://www.hotarea.net/web/scripts/banner01/ The CGI script offers numerous functions for those wishing to manage rotati...
KNapster Vulnerability Compromises User-readable Files
This vulnerability was discovered at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University http://www.cerias.purdue.edu by: Tom Daniels [email protected] Florian Buchholz...
Gnapster Vulnerability Compromises User-readable Files
This vulnerability was discovered at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University http://www.cerias.purdue.edu by: Tom Daniels [email protected] Florian Buchholz...
CVE-2000-0458
The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information...
CVE-2000-0184
Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords...
CVE-2000-0164
The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords...
snmp.writable.txt
Days ago, there was a discussion about world-readable snmp communities, some people thought it was bad enough. Amazingly, I've found that a lot of network devices such as intelligent switches, WAN/LAN routers, ISDN/DSL modems, remote access machines and even some user-end operating systems are by...
CVE-1999-0712
CVE-1999-0712 affects Caldera Open Administration System (COAS). The vulnerability allows the /etc/shadow password file to be made world-readable, indicating a confidentiality impact. Exploitation details are not provided in the connected documents; sources (Red Hat, CVE entries, and PT Security)...
CVE-1999-0712
A vulnerability in Caldera Open Administration System (COAS) allows the /etc/shadow password file to be made world-readable...
CVE-1999-0408
Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server...
CVE-2000-0361
The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information...
CVE-1999-0982
The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file...
PT-1999-1502 · Sun · Sun Wbem
Name of the Vulnerable Software and Affected Versions: Sun Web-Based Enterprise Management (WBEM), affected versions not specified. Description: The issue concerns the storage of a password in plaintext within a world-readable file by the Sun Web-Based Enterprise Management (WBEM) installation script...