Lucene search
+L

852 matches found

Tenable Nessus
Tenable Nessus
added 2003/03/01 12:0 a.m.25 views

Cisco VPN 3000 Concentrator HTML Source Plaintext User Password Disclosure (CSCdv88230, CSCdw22408)

The remote VPN concentrator discloses the passwords of its users in the source HTML of the embedded web server. This vulnerability is documented as Cisco bug ID CSCdv88230 and CSCdw22408. C Tenable Network Security, Inc. Thanks to Nicolas FISCHBACH [email protected] for his help Ref:...

7.5CVSS5.5AI score0.01317EPSS
Exploits0References1
securityvulns
securityvulns
added 2003/02/28 12:0 a.m.24 views

Ecardis Password Reseting Vulnerability

Hi, I don't know if someone has discovered this before but Ecartis 1.0.0 former listar contains a vulnerability that enables an attacker to reset passwords of any user defined on the list server, including the list admins. After logging on as a non-priviledged user, Ecartis enables the user to...

0.5AI score
Exploits0
exploitpack
exploitpack
added 2003/02/15 12:0 a.m.27 views

PHP-Board 1.0 - User Password Disclosure

PHP-Board 1.0 - User Password Disclosure source: https://www.securityfocus.com/bid/6862/info php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain acce...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/02/15 12:0 a.m.38 views

PHP-Board 1.0 - User Password Disclosure

source: https://www.securityfocus.com/bid/6862/info php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain access to php-board user and administrative...

7.4AI score
Exploits0
CERT
CERT
added 2003/01/15 12:0 a.m.14 views

BEA WebLogic Server "ResourceAllocationException" exception may disclose user password

Overview A vulnerability in BEA's WebLogic Server may disclose sensitive information. Description From the BEA WebLogic Server 7.0 Overview:BEA WebLogic Server is a fully featured, standards-based application server providing the foundation on which an enterprise can build its applications. BEA...

7AI score
Exploits0References1
securityvulns
securityvulns
added 2002/11/02 12:0 a.m.45 views

iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 10.31.02c: http://www.idefense.com/advisory/10.31.02c.txt PHP-Nuke SQL Injection Vulnerability October 31, 2002 I. BACKGROUND "PHP-Nuke is a news automated system specially designed to be used in Intranets and Internet. The...

7.5CVSS0.1AI score0.04105EPSS
Exploits0
securityvulns
securityvulns
added 2002/10/16 12:0 a.m.43 views

Ingenium Admin Password Vulnerability

The vendor was contacted, but I have not received any response other than an autoresponder over the past week... -E Security Advisory -- Click2Learn's Ingenium LMS Brian Enigma [email protected] http://netninja.com/papers/ingenium/ ----------------------- OVERVIEW ----------------------- Produc...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2002/08/22 12:0 a.m.46 views

Novell Netware rconj unauthorized access

During access via SSL user's password is not verified...

4.8AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2002/03/25 12:0 a.m.168 views

memberlist.php of vBulletin

vBulletin ALL versions Vendor status: notified 3/18/2; no response Within the first few lines of code in memberlist.php, the variable $letterbits is evaled. Because of the way PHP initializes variables, we can inject HTML, or JavaScript into the document. So by directing a user to, for example:...

7.3AI score
Exploits0
Cvelist
Cvelist
added 2002/03/09 5:0 a.m.22 views

CVE-1999-1188

mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database...

6.2AI score0.00851EPSS
Exploits0References2
Cvelist
Cvelist
added 2002/02/02 5:0 a.m.22 views

CVE-2001-1005

Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges...

6.8AI score0.00714EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2001/10/16 12:0 a.m.97 views

PCCS-Mysql User/Password Exposure

It is possible to read the include file of PCCS-Mysql, dbconnect.inc on the remote server. This include file contains information such as the username and password used to connect to the database. %NASLMINLEVEL 70300 This script was written by Georges Dagousset See the Nessus Scripts License for...

7.5CVSS5.5AI score0.01612EPSS
Exploits0References1
Cvelist
Cvelist
added 2001/09/12 4:0 a.m.23 views

CVE-1999-1526

Auto-update feature of Macromedia Shockwave 7 transmits a user's password and hard disk information back to Macromedia...

6.5AI score0.01096EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2001/07/12 12:0 a.m.22 views

ArGoSoft FTP Server 1.2.2.2 - Weak Password Encryption

// source: https://www.securityfocus.com/bid/3029/info ArGoSoft FTP server is an FTP server for the Windows platform. A design error exists in ArGoSoft FTP which enables an authenticated user to view other users encrypted passwords. However due to a weak encryption scheme it is possible for a use...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2001/05/07 4:0 a.m.29 views

CVE-2001-0290

Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords...

6.4AI score0.00333EPSS
Exploits0References1
NVD
NVD
added 2001/05/03 4:0 a.m.19 views

CVE-2001-0290

Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords...

4.6CVSS6.4AI score0.00333EPSS
Exploits0References1
securityvulns
securityvulns
added 2001/03/11 12:0 a.m.28 views

Дырка в mailman (user passwords access)

Администратор списков может получить доступ к паролям пользователям...

1.3AI score
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2001/03/02 12:0 a.m.20 views

SA2K01.txt

-----/ SA2K01 /-------------------------------/ SecurityApex.com /---- A quick fix against RFP2101 ------------------------------------/ Max / [email protected] Table of contents: -/ 1 / Information on the exploit -/ 2 / Fix for the exploit -/ 3 / Credits...

7.4AI score
Exploits0
NVD
NVD
added 2000/12/11 5:0 a.m.14 views

CVE-2000-1008

PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device...

4.6CVSS6.5AI score0.00541EPSS
Exploits1References2
securityvulns
securityvulns
added 2000/12/07 12:0 a.m.33 views

Дырка в mailman

Ошибка форматной строки в wrapper позволяет получить привилегии группы mailman. Кроме того, файл содержащий пароли пользователей открыт на чтение...

0.6AI score
Exploits0References1Affected Software1
Rows per page
Query Builder