47 matches found
EUVD-2005-3997
Malware in sbrugna...
EUVD-2005-2287
Malware in sbrugna...
EUVD-2005-2285
Malware in sbrugna...
EUVD-2005-2283
Malware in sbrugna...
EUVD-2005-4024
Malware in sbrugna...
EUVD-2005-2284
Malware in sbrugna...
EUVD-2005-2286
Malware in sbrugna...
CVE-2005-2283
WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service system and database resource consumption via a large file...
CVE-2005-4029
WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other attacks such as locking out valid users via brute force methods...
CVE-2005-2286
WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource...
CVE-2005-2284
Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors...
CVE-2005-4002
WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation...
CVE-2005-2281
WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords...
[Full-disclosure] WebEOC Vuln - more info
Hi Guys, Doing a pen test I have come up with a WebEOC server. There are a few vulns listed at: http://secunia.com/advisories/16075/ specifically I am interested in : "6 Sensitive information is exposed in URIs, stored in publicly accessible configuration files, and in the HTML code returned to...
CVE-2005-4029
WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other attacks such as locking out valid users via brute force methods...
CVE-2005-4029
WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other attacks such as locking out valid users via brute force methods...
CVE-2005-4029
WebEOC (pre-6.0.2) is affected by CVE-2005-4029. The issue allows remote attackers to read valid usernames from the HTML source on the WebEOC login page, which could enable further attacks such as brute-forcing to lock out legitimate users. The connected Red Hat and CVE records confirm the same v...
CVE-2005-4002
WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation...
CVE-2005-4002
WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation...
CVE-2005-4002
CVE-2005-4002 affects WebEOC prior to 6.0.2. The vulnerability arises because the same secret key is used across all installations, enabling anyone with the key to decrypt data from any WebEOC deployment. The available documents do not specify a fixed root cause mechanism beyond the shared-key is...