160 matches found
Design/Logic Flaw
IBM API Connect aka APIConnect before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials...
CVE-2016-3012
IBM API Connect aka APIConnect before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials...
OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)
A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...
OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)
A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...
OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)
A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...
OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)
A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...
OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)
A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...
OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)
A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...
OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)
A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...
OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)
A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...
WordPress ALO EasyMail Newsletter Plugin Cross-Site Request Forgery Vulnerability
The ALO EasyMail Newsletter plugin provides list management results, and it is necessary to read emails from the mail server, so this plugin also stores the login information of the mail server explicitly in the WordPress database. The WordPress Plugin ALO EasyMail Newsletter suffers from a...
Symantec Endpoint Protection Manager 12.1.x < 12.1 RU6 MP5 Multiple Vulnerabilities (SYM16-011)
The version of Symantec Endpoint Protection Manager SEPM installed on the remote host is prior to 12.1 RU6 MP5. It is, therefore, affected by the following vulnerabilities : - A race condition exists in the SEP client that allows a local attacker to bypass security restrictions, resulting in the...
Accuenergy Acuvim II and IIR AXN-NET Module Information Disclosure Vulnerability
Accuenergy Acuvim II and IIR are Accuenergy's multi-function network power meters that provide power parameter measurement, four-quadrant power metering, and out-of-limit alarms.AXN-NET is one of the Ethernet module accessories. The AXN-NET module of the Accuenergy Acuvim II and IIR stores mail...
BMC Track-It! - Multiple Vulnerabilities
No description provided by source. Multiple critical vulnerabilities in BMC Track-It! Discovered by Pedro Ribeiro [email protected], Agile Information Security ================================================================================= The application exposes several .NET remoting services o...
ms-sql-query NSE Script
Runs a query against Microsoft SQL Server ms-sql. SQL Server credentials required: Yes use ms-sql-brute, ms-sql-empty-password and/or mssql.username & mssql.password Run criteria: Host script: Will run if the mssql.instance-all, mssql.instance-name or mssql.instance-port script arguments are used...
CVE-2009-3035
The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and...
CVE-2009-3035
The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and...
Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ipswitch WSFTP Server. Anonymous access or authentication is required to exploit this vulnerability. The specific flaw exists due to a lack of bounds checking during the parsing of long string...
NotifyLink server provides inadequate protection for cryptographic key material
Overview The NotifyLink key exchange protocol contains a vulnerability that significantly reduces the strength of cryptographic keys used to encrypt mail messages. Description Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The...
CVE-2004-2323
DotNetNuke formerly IBuySpy Workshop 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config...