852 matches found
Cisco VPN 3000 Concentrator HTML Source Plaintext User Password Disclosure (CSCdv88230, CSCdw22408)
The remote VPN concentrator discloses the passwords of its users in the source HTML of the embedded web server. This vulnerability is documented as Cisco bug ID CSCdv88230 and CSCdw22408. C Tenable Network Security, Inc. Thanks to Nicolas FISCHBACH [email protected] for his help Ref:...
Ecardis Password Reseting Vulnerability
Hi, I don't know if someone has discovered this before but Ecartis 1.0.0 former listar contains a vulnerability that enables an attacker to reset passwords of any user defined on the list server, including the list admins. After logging on as a non-priviledged user, Ecartis enables the user to...
PHP-Board 1.0 - User Password Disclosure
PHP-Board 1.0 - User Password Disclosure source: https://www.securityfocus.com/bid/6862/info php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain acce...
PHP-Board 1.0 - User Password Disclosure
source: https://www.securityfocus.com/bid/6862/info php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain access to php-board user and administrative...
BEA WebLogic Server "ResourceAllocationException" exception may disclose user password
Overview A vulnerability in BEA's WebLogic Server may disclose sensitive information. Description From the BEA WebLogic Server 7.0 Overview:BEA WebLogic Server is a fully featured, standards-based application server providing the foundation on which an enterprise can build its applications. BEA...
iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 10.31.02c: http://www.idefense.com/advisory/10.31.02c.txt PHP-Nuke SQL Injection Vulnerability October 31, 2002 I. BACKGROUND "PHP-Nuke is a news automated system specially designed to be used in Intranets and Internet. The...
Ingenium Admin Password Vulnerability
The vendor was contacted, but I have not received any response other than an autoresponder over the past week... -E Security Advisory -- Click2Learn's Ingenium LMS Brian Enigma [email protected] http://netninja.com/papers/ingenium/ ----------------------- OVERVIEW ----------------------- Produc...
Novell Netware rconj unauthorized access
During access via SSL user's password is not verified...
memberlist.php of vBulletin
vBulletin ALL versions Vendor status: notified 3/18/2; no response Within the first few lines of code in memberlist.php, the variable $letterbits is evaled. Because of the way PHP initializes variables, we can inject HTML, or JavaScript into the document. So by directing a user to, for example:...
CVE-1999-1188
mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database...
CVE-2001-1005
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges...
PCCS-Mysql User/Password Exposure
It is possible to read the include file of PCCS-Mysql, dbconnect.inc on the remote server. This include file contains information such as the username and password used to connect to the database. %NASLMINLEVEL 70300 This script was written by Georges Dagousset See the Nessus Scripts License for...
CVE-1999-1526
Auto-update feature of Macromedia Shockwave 7 transmits a user's password and hard disk information back to Macromedia...
ArGoSoft FTP Server 1.2.2.2 - Weak Password Encryption
// source: https://www.securityfocus.com/bid/3029/info ArGoSoft FTP server is an FTP server for the Windows platform. A design error exists in ArGoSoft FTP which enables an authenticated user to view other users encrypted passwords. However due to a weak encryption scheme it is possible for a use...
CVE-2001-0290
Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords...
CVE-2001-0290
Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords...
Дырка в mailman (user passwords access)
Администратор списков может получить доступ к паролям пользователям...
SA2K01.txt
-----/ SA2K01 /-------------------------------/ SecurityApex.com /---- A quick fix against RFP2101 ------------------------------------/ Max / [email protected] Table of contents: -/ 1 / Information on the exploit -/ 2 / Fix for the exploit -/ 3 / Credits...
CVE-2000-1008
PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device...
Дырка в mailman
Ошибка форматной строки в wrapper позволяет получить привилегии группы mailman. Кроме того, файл содержащий пароли пользователей открыт на чтение...