Lucene search
K

7186 matches found

CVE
CVE
added 2001/09/12 4:0 a.m.62 views

CVE-2000-1199

CVE-2000-1199 affects PostgreSQL: usernames and passwords are stored in plaintext in (1) pg_shadow and (2) pg_pwd, enabling attackers with sufficient privileges to access databases. This root cause is plaintext credential storage; impact is described as partial confidentiality, partial integrity,...

4.6CVSS6.8AI score0.00912EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2001/09/12 4:0 a.m.58 views

CVE-1999-1322

The CVE concerns the installation of 1ArcServe Backup and Inoculan AV client modules for Exchange, which can create a log file exchverify.log that stores usernames and passwords in plaintext. Affected components: the Exchange-related client modules for 1ArcServe Backup and Inoculan AV. Underlying...

4.6CVSS7.4AI score0.01503EPSS
Exploits0References2Affected Software3
securityvulns
securityvulns
added 2001/09/06 12:0 a.m.58 views

Очередные проблемы в CGI

Недостаточная проверка shell символов в данных пользователя при вызове внешней команды...

0.4AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2001/09/04 12:0 a.m.40 views

Possible Issue with Netinfo and Mac OS X

Hi, I have been using Mac OS X for quite a while now, and I have just found something that concerns me a little. As you probably know Mac OS X is based on BSD and by default does not have any services running though it is not hard to turn these on thefore is reasonably secure out of the box. Now ...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2001/08/27 12:0 a.m.38 views

security hole in os groupware suite PHProjekt

Overview PHProjekt is an open source groupware suite written in PHP4 with mysql/postgres/oracle/informix/ms-sql support: www.PHProjekt.com The security hole concernes the several modules. Details By modifying the ID number in links an user can view, moduify or delete data of other users randomly...

1AI score
Exploits0
securityvulns
securityvulns
added 2001/08/21 12:0 a.m.31 views

tdforum 1.2 Messageboard

Examination of the program "TDForum 1.2", a guest book style, unthreaded messageboard, for sale at http://www.tdscripts.com http://www.tdavidscripts.com/ aliases the same, revealed a serious client-side security risk to the users of the forum. Because user supplied data is not being sanitized,...

6.4AI score
Exploits0
CERT
CERT
added 2001/08/02 12:0 a.m.64 views

Microsoft Outlook View Control allows execution of arbitrary code and manipulation of user data

Overview A vulnerability exists in an ActiveX control supplied with Microsoft Outlook 2002 that could allow malicious code on a web page or in an HTML email message to manipulate Outlook data or execute arbitrary code as the user running Outlook. Description Microsoft Outlook 2002 installs an...

10CVSS7AI score0.52851EPSS
Exploits0References12
securityvulns
securityvulns
added 2001/05/29 12:0 a.m.49 views

TWIG SQL query bugs

I can't find the person who really in charge on developing twig, so I mail about this bug to the person who announce new version of twig about two month ago. -------------------------------------------------------------------------- Subject: Unquoted SQL query = potential damage Software package:...

7.8AI score
Exploits0
Exploit DB
Exploit DB
added 2001/05/08 12:0 a.m.40 views

DCForum 6.0 - Remote Admin Privilege Arbitrary Commands

source: https://www.securityfocus.com/bid/2728/info DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. Versions of DCForum are vulnerable to attacks which can yield an elevation of privileges and remote execution of arbitrary...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2001/04/25 12:0 a.m.20 views

RaidenFTPd 2.1 - Directory Traversal

RaidenFTPd 2.1 - Directory Traversal source: https://www.securityfocus.com/bid/2655/info Raiden FTPD is susceptible to directory traversal attacks using multiple dots in submitted commands specifying file paths. If the request is properly composed, RaidenFTPD will serve files outside of the...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2001/04/25 12:0 a.m.38 views

RaidenFTPd 2.1 - Directory Traversal

source: https://www.securityfocus.com/bid/2655/info Raiden FTPD is susceptible to directory traversal attacks using multiple dots in submitted commands specifying file paths. If the request is properly composed, RaidenFTPD will serve files outside of the intended webroot, potentially compromising...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2001/04/16 12:0 a.m.21 views

FreeBSD 4.2-stable - FTPd glob() Remote Buffer Overflow

FreeBSD 4.2-stable - FTPd glob Remote Buffer Overflow source: https://www.securityfocus.com/bid/2548/info The BSD ftp daemon and derivatives such as IRIX ftpd or the ftp daemon shipped with Kerberos 5 contain a number of buffer overflows that may lead to a compromise of root access to malicious...

1AI score
Exploits0
Exploit DB
Exploit DB
added 2001/04/16 12:0 a.m.32 views

OpenBSD 2.x < 2.8 FTPd - 'glob()' Remote Buffer Overflow

// source: https://www.securityfocus.com/bid/2548/info The BSD ftp daemon and derivatives such as IRIX ftpd or the ftp daemon shipped with Kerberos 5 contain a number of buffer overflows that may lead to a compromise of root access to malicious users. During parsing operations, the ftp daemon...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2001/03/28 12:0 a.m.37 views

Apache Tomcat 3.0 - Directory Traversal

source: https://www.securityfocus.com/bid/2518/info Apache Tomcat in a Windows NT environment could be led to traverse the normal directory structure and return requested files from outside of the document root. By including '/../' sequences along with specially chosen characters in requested URL...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2001/03/27 12:0 a.m.35 views

anaconda clipper 3.3 - Directory Traversal

source: https://www.securityfocus.com/bid/2512/info Clipper is a headline-gathering tool from Anaconda! Partners which, in certain versions, is vulnerable to directory traversal attacks. By including '/../' sequences in requested URLs, an attacker can cause the retrieval of arbitrary files,...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2001/03/20 12:0 a.m.22 views

Aspseek Buffer Overflow

|---------------------------------------------------------------------------------------| / Product: Aspseek Search Engine. Vendor URL: www.aspseek.org / Tested on: v1.0.0 - v1.0.3 Freeware Linux Vendor Contact: Mailed on 8th March NO Reply Vendor Patched though / |-- The Problem,...

7.6AI score
Exploits0
Packet Storm
Packet Storm
added 2001/02/16 12:0 a.m.20 views

ultimate-bb.txt

I set up a script on some server somewhere that will mail me the contents of "whatever" in a url query as such - http://somehost.com/somescript.php/cgi/pl/asp?contents="whatever" when I have that script in place I post a message on the board that I wish to steal peoples passes from withfor Intern...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2000/10/27 12:0 a.m.35 views

Squid doesn't quote urls in error messages.

Hi, I noticed that Squid 2.3.STABLE4 doesn't quote urls in error messages. For example if a user visits the following url http://www.dotcom.com/ btest/b The user will get an invalid url page with test in bold. Or even more fun with: http://www.somecompany.com/img...

7AI score
Exploits0
Debian
Debian
added 2000/09/10 12:0 a.m.12 views

[SECURITY] New version of horde and imp released

------------------------------------------------------------------------ Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman September 10, 2000 - ------------------------------------------------------------------------ Package : horde and imp Problem type...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2000/08/02 12:0 a.m.29 views

ntop.advisory.txt

================================================================================ Hackerslab bugpaper ntop web mode vulnerabliity ================================================================================ Command : /sbin/ntop -w SYSTEM : N/A INFO : ntop - display top network users -w Starts...

7.4AI score
Exploits0
Rows per page
Query Builder