Lucene search
K

160 matches found

Prion
Prion
added 2016/12/01 11:59 a.m.18 views

Design/Logic Flaw

IBM API Connect aka APIConnect before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials...

5CVSS7AI score0.01673EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2016/12/01 11:0 a.m.26 views

CVE-2016-3012

IBM API Connect aka APIConnect before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials...

7.1AI score0.01673EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2016/11/07 9:5 a.m.6 views

OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...

5.9CVSS7.2AI score0.03937EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/11/02 11:6 a.m.7 views

OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...

5.9CVSS7.2AI score0.03937EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/11/02 11:5 a.m.4 views

OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...

5.9CVSS7.2AI score0.03937EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/11/02 11:5 a.m.6 views

OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...

5.9CVSS7.2AI score0.03937EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/10/20 12:48 p.m.3 views

OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...

5.9CVSS7.2AI score0.03937EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/10/20 12:47 p.m.5 views

OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...

5.9CVSS7.2AI score0.03937EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/10/20 12:37 p.m.12 views

OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...

5.9CVSS7.2AI score0.03937EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/10/19 2:58 p.m.5 views

OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...

5.9CVSS7.2AI score0.03937EPSS
Exploits0References5
CNVD
CNVD
added 2016/08/03 12:0 a.m.4 views

WordPress ALO EasyMail Newsletter Plugin Cross-Site Request Forgery Vulnerability

The ALO EasyMail Newsletter plugin provides list management results, and it is necessary to read emails from the mail server, so this plugin also stores the login information of the mail server explicitly in the WordPress database. The WordPress Plugin ALO EasyMail Newsletter suffers from a...

6.7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/06/30 12:0 a.m.42 views

Symantec Endpoint Protection Manager 12.1.x < 12.1 RU6 MP5 Multiple Vulnerabilities (SYM16-011)

The version of Symantec Endpoint Protection Manager SEPM installed on the remote host is prior to 12.1 RU6 MP5. It is, therefore, affected by the following vulnerabilities : - A race condition exists in the SEP client that allows a local attacker to bypass security restrictions, resulting in the...

8.8CVSS6.5AI score0.04122EPSS
Exploits4References15
CNVD
CNVD
added 2016/04/16 12:0 a.m.5 views

Accuenergy Acuvim II and IIR AXN-NET Module Information Disclosure Vulnerability

Accuenergy Acuvim II and IIR are Accuenergy's multi-function network power meters that provide power parameter measurement, four-quadrant power metering, and out-of-limit alarms.AXN-NET is one of the Ethernet module accessories. The AXN-NET module of the Accuenergy Acuvim II and IIR stores mail...

7.5CVSS6.9AI score0.01522EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/10/10 12:0 a.m.40 views

BMC Track-It! - Multiple Vulnerabilities

No description provided by source. Multiple critical vulnerabilities in BMC Track-It! Discovered by Pedro Ribeiro [email protected], Agile Information Security ================================================================================= The application exposes several .NET remoting services o...

7.5CVSS9.2AI score0.80095EPSS
Exploits16
Nmap
Nmap
added 2010/04/04 10:11 a.m.312 views

ms-sql-query NSE Script

Runs a query against Microsoft SQL Server ms-sql. SQL Server credentials required: Yes use ms-sql-brute, ms-sql-empty-password and/or mssql.username & mssql.password Run criteria: Host script: Will run if the mssql.instance-all, mssql.instance-name or mssql.instance-port script arguments are used...

10CVSS9.6AI score0.99448EPSS
Exploits33
NVD
NVD
added 2010/02/02 4:30 p.m.12 views

CVE-2009-3035

The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and...

4.3CVSS7.1AI score0.00375EPSS
Exploits0References7
Cvelist
Cvelist
added 2010/02/02 4:25 p.m.25 views

CVE-2009-3035

The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and...

7AI score0.00375EPSS
Exploits0References7
Zero Day Initiative
Zero Day Initiative
added 2006/09/26 12:0 a.m.25 views

Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ipswitch WSFTP Server. Anonymous access or authentication is required to exploit this vulnerability. The specific flaw exists due to a lack of bounds checking during the parsing of long string...

6.5CVSS5AI score0.63838EPSS
Exploits1References1
CERT
CERT
added 2005/03/17 12:0 a.m.26 views

NotifyLink server provides inadequate protection for cryptographic key material

Overview The NotifyLink key exchange protocol contains a vulnerability that significantly reduces the strength of cryptographic keys used to encrypt mail messages. Description Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The...

7.5CVSS6.2AI score0.01198EPSS
Exploits0References3
NVD
NVD
added 2004/12/31 5:0 a.m.25 views

CVE-2004-2323

DotNetNuke formerly IBuySpy Workshop 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config...

5CVSS7.1AI score0.014EPSS
Exploits0References5
Rows per page
Query Builder