2198 matches found
CVE-2014-3800
XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file...
CVE-2014-3851
usr/lib/cgi-bin/createpasswdfile.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file...
DEBIAN-CVE-2014-5031
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2014-5031
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtain sensitive information via unspecified vectors...
UBUNTU-CVE-2014-5031
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtain sensitive information via unspecified vectors...
JBossSX/PicketBox: World readable audit.log file
It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...
Code injection
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors...
CVE-2014-3499
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors...
docker: systemd socket activation results in privilege escalation
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors...
Hosting Controller 1.x DSNManager Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4759/info Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. The DSNManager script does not sufficiently filter...
Zimplit CMS 3.0 - Multiple Vulnerabilities
No description provided by source. Exploit Title: Zimplit CMS multiple vulnerabilities Date: 2013 13 September Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: www.zimplit.com Tested on: Linux & Windows, PHP 5.3....
BPM Studio Pro 4.2 HTTPD Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4198/info BPM Studio Pro is a shareware MP3 mixer and player. It runs on Microsoft Windows operating systems. BPM Studio Pro includes a HTTP server for managing the player via a web interface. The BPM Studio Pro HTTPD doe...
Excite for Web Servers 1.1 Administrative Password Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2665/info Excite for Web Servers 1.1 (EWS) is a search engine suite for web servers running under Windows NT and UNIX. By default the file containing the administrative password, architext.conf, is world readable and world...
Webfroot Shoutbox 2.32 URI Parameter File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7737/info Shoutbox is prone to directory traversal attacks. The vulnerability exists due to insufficient sanitization of user-supplied values to URI parameters. An attacker can exploit this vulnerability by manipulating t...
NetSuite 1.0/1.2 HTTP Server Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8197/info The HTTP component of NetSuite has been reported prone to a directory traversal vulnerability. Various combinations of encoded directory traversal sequences may be used to break out of the web root directory...
RaidenHTTPD 1.1.27 Remote File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12451/info RaidenHTTPD is reported prone to a remote file disclosure vulnerability. It is reported that the service does not correctly handle requests for restricted files that reside outside of the web document root...
NewsTraXor Website Management Script 2.9 beta Database Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10194/info Reportedly NewsTraXor is affected by a remote database disclosure vulnerability. This issue is due to a design error that allows the database file to be globally readable. This issue may allow a remote attacker...
HP Managed Printing Administration jobAcct Remote Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
PHP-Nuke 6.5 Addon Viewpage.PHP File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7191/info PHP-Nuke has been reported prone to a file disclosure vulnerability when using the viewpage.php addon. It has been reported that PHP-Nuke may disclose arbitrary web server readable files under certain...
Critical Path InJoin Directory Server 4.0 File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4718/info Critical Path provides an LDAP (Lightweight Directory Access Protocol) Directory Server called InJoin. InJoin Directory Server is provided for Microsoft Windows operating systems and Unix variants. iCon is the...