5 matches found
CVE-2021-36767
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's...
CVE-2020-2291
Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
BNCweb File Disclosure Vulnerability
BNCweb is a set of CGI scripts developed at the University of Zьrich as a user-friendly query interface to the British National Corpus. It allows linguists to retrieve lexical, grammatical and textual data from this 100 million word collection of english texts using a web browser. For more...
CVE-2002-0202
PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to 1 obtain the encrypted server password via the world-readable oekakibbs.conf file, or 2 modify the server configuration via the world-writeable /oekaki/ folder...
CVE-2002-0202
PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to 1 obtain the encrypted server password via the world-readable oekakibbs.conf file, or 2 modify the server configuration via the world-writeable /oekaki/ folder...