password protected software vulnerabilities
vulnerabilities.aspcode.net
Searching password protected software vulnerabilities
The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked.
Macromedia "The Matrix" screen saver on Windows 95 with the "Password protected" option enabled allows attackers with physical access to the machine to bypass the password prompt by pressing the ESC (Escape) key.
Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords.
AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass authentication and read password-protected files via a URL that directly references the file.
Lil HTTP Server 2.1 allows remote attackers to read password-protected files via a /./ in the HTTP request.
Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request.
The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected.
Savant Web Server 3.1 and earlier allows remote attackers to bypass authentication for password protected user folders via a URL with a hex encoded space (%20) and a '.' (%2e) at the end of the filename.
The Czech edition of Software602's Web Server before 2002.0.02.0916 allows remote attackers to gain administrator privileges via direct HTTP requests to the /admin/ directory, which is not password protected.
Lexar Safe Guard for JumpDrive Secure 1.0 stores the password insecurely in memory using XOR encryption, which allows local users to read the password directly from the device and access the password protected part of the drive.
The conference menu in ActivePost Standard 3.1 sends passwords of password-protected rooms in cleartext, which could allow remote attackers to gain sensitive information by sniffing the network connection.
F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not properly detect certain password-protected files in a ZIP file, which allows remote attackers to bypass anti-virus protection.
Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab.
Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote attackers to bypass virus scanning by including a password-protected file in a ZIP file, which causes eTrust to scan only the password protected file and skip the other files.
MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password protected images via a request to index.php with the list parameter set to * (wildcard) and the page parameter set to all.
VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and access password-protected articles by setting the vsns[topic_id] cookie to the targeted topic.
The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 store the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges.
VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to log in and view RDP or Citrix sessions.
Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive.
The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected queue."
Software vulnerabilities results 1 to 20 of 1048