254 matches found
Siteman 1.1 - User Database Privilege Escalation (2)
source: https://www.securityfocus.com/bid/12304/info Siteman is reported prone to a vulnerability that may allow users to gain elevated privileges. This issue results from insufficient sanitization of user-supplied data. Apparently, an attacker can supply additional lines to the stream used to...
Siteman < 1.1.11 Page User Database Privilege Escalation
Binary data 2545.prm...
Siteman 1.1 - User Database Privilege Escalation (1)
source: https://www.securityfocus.com/bid/12304/info Siteman is reported prone to a vulnerability that may allow users to gain elevated privileges. This issue results from insufficient sanitization of user-supplied data. Apparently, an attacker c...
CVE-2004-1022
Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software...
advisory-05-glFTPd.txt
No System Group - Advisory 05 - 18/09/04. Program: glFTPd; Homepage: http://www.glftpd.com; Vulnerable Versions: glFTPd v2.00RC3 and prior; Risk: Low / Medium; Impact: Local Stack Buffer Overflow...
ArGoSoft FTP Server 1.0/1.2/1.4 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/9770/info ArGoSoft has released version 1.4.1.6 of their FTP Server to address multiple unspecified security vulnerabilities. These issues include three buffer overruns when handling overly long FTP SITE ZIP and SITE COPY commands, a file enumeration issu...
ASP-Nuke 1.0/1.2/1.3 - Remote User Database Access
source: https://www.securityfocus.com/bid/9355/info A problem has been identified in ASP-Nuke when user credentials are stored on a system. Because of this, an attacker may be able to gain unauthorized access to sensitive information. http://www.example.com/db/main.mdb...
SimpleBBS users disclosure
The remote installation of SimpleChat allows an unauthenticated, remote attacker to retrieve its user database via a direct request to 'data/usr', which contains confidential information such as user passwords.
SimpleBBS 1.0.6 Default Permissions Vuln
SimpleBBS 1.0.6 Security Problem: User database stored in a php file that's readable by anyone. http://www.tareget.com/simplebbs/users/users.php Passwords are md5'ed, but user data is not. The vendor was notified and has released updates. FluRDoInG [email protected] http://www.flurnet.org KEY ID...
SimpleBBS 1.0.6 - users.php Insecure File Permissions
source: https://www.securityfocus.com/bid/7045/info SimpleBBS reportedly creates sensitive files with world-readable permissions. As a result anyone who has access to SimpleBBS web resources may access confidential information stored in the...
CVE-2002-0943
MetaCart2.sql stores the user database under the web document root without access controls, which allows remote attackers to obtain sensitive information such as passwords and credit card numbers via a direct request for metacart.mdb...
Unauthorized access in midicart
It's possible to obtain the full user database in the file midicart.mdb...
PHP problem
This is not really an advisory, but a warning for sysadmins running webservers with PHP. I noticed that it was possible to rebuild the user database Unix even when safe_mode prevented reading /etc/passwd and open_basedir prevented accessing /etc. The implementation of getpwuid,nam functio...
SIPS - vulnerable to anyone gaining admin access.
!/exploit/by/b0iler sips - http://sourceforge.net/projects/sips/ versions lower than 0.3.1 Taken from freshmeat: "About: SIPS is an integrated Weblog and link-indexing system written in PHP. It is aimed at those with access to databaseless, PHP-enabled Web servers who want to run a Weblog site li...