Searching sniff software vulnerabilities

ARCserve NT agents use weak encryption (XOR) fo

encryption | ARCserve | agents | weak | use |

ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password.


The default encryption method of PcAnywhere 9.x

PcAnywhere | encryption | attackers | accounts | decrypt | default | remote | method | domain | allows | sniff | which | uses | weak |

The default encryption method of PcAnywhere 9.x uses weak encryption, which allows remote attackers to sniff and decrypt PcAnywhere or NT domain accounts.


Meeting Maker uses weak encryption (a polyalpha

encryption | Meeting | Maker | weak | uses |

Meeting Maker uses weak encryption (a polyalphabetic substitution cipher) for passwords, which allows remote attackers to sniff and decrypt passwords for Meeting Maker accounts.


Microsys CyberPatrol uses weak encryption (triv

CyberPatrol | encryption | Microsys | weak | uses |

Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information.


The web administration interface for Interscan

administration | administrator | setpasswdcgi | encryption | attackers | usernames | passwords | VirusWall | Interscan | interface | requests | password | program | encoded | earlier | contain | base64 | remote | obtain | other | allow | could | which | sniff | HTTP | does | web | not | use | via | 36x | GET |

The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to obtain the administrator password to sniff the administrator password via the setpasswd.cgi program or other HTTP GET requests that contain base64 encoded usernames and passwords.


Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10)

Server | Gene6 | FTP |

Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection.


EFTP 2.0.7.337 allows remote attackers to obtai

EFTP |

EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection.


The remote admimnistration client for RhinoSoft

admimnistration | RhinoSoft | plaintext | One-Time | password | client | remote | Serv-U | S/KEY | sends | user | even |

The remote admimnistration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.


Farm9 Cryptcat, when started in server mode wit

configuration | communicate | information | encryption | sensitive | attackers | intended | Cryptcat | clients | despite | without | started | option | server | remote | allows | enable | allow | which | sniff | Farm9 | does | mode | not | may |

Farm9 Cryptcat, when started in server mode with the -e option, does not enable encryption, which allows clients to communicate without encryption despite intended configuration, and may allow remote attackers to sniff sensitive information.


Microsoft SQL Server 6.0 through 2000, with SQL

Microsoft | through | Server | SQL |

Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.


The Network Attached Storage (NAS) Administrati

Attached | Storage | Network |

The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.


ifconfig, when used on the Linux kernel 2.2 and

PACKET_MR_PROMISC | demonstrated | promiscuous | attackers | detection | interface | ifconfig | libpcap | network | without | report | kernel | which | allow | could | Linux | later | using | sniff | does | mode | used | put | not |

ifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKET_MR_PROMISC, which could allow attackers to sniff the network without detection, as demonstrated using libpcap.


Sustworks IPNetSentryX and IPNetMonitorX allow

IPNetMonitorX | applications | IPNetSentryX | Sustworks | packets | network | helper | setuid | local | allow | users | sniff | via |

Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff network packets via the setuid helper applications (1) RunTCPDump, which calls tcpdump, and (2) RunTCPFlow, which calls tcpflow.


BEA WebLogic Express and Server 7.0 through 8.1

circumstances | WebLogic | through | certain | request | Express | Server | under | over | SSL | BEA | use |

BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions.


AIM Sniff (aimSniff.pl) 0.9b allows local users

Sniff | AIM |

AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary files via a symlink attack on /tmp/AS.log.


phpGroupWare before 0.9.16.002 transmits the (1

phpGroupWare | before |

phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords.


pam_ldap and nss_ldap, when used with OpenLDAP

connecting | subsequent | connection | cleartext | attackers | pam_ldap | nss_ldap | password | referred | OpenLDAP | client | master | allows | remote | sniff | cause | slave | using | which | used | sent | does | use | not | may | TLS |

pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.


Linksys WRT54G router uses the same private key

information | certificate | connection | sensitive | attackers | private | Linksys | remote | allows | router | WRT54G | obtain | sniff | every | which | same | uses | SSL | key |

Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information.


The web interface for American Power Conversion

Conversion | interface | American | Power | web |

The web interface for American Power Conversion (APC) PowerChute Network Shutdown performs all communication in cleartext (base64-encoded), which allows remote attackers to sniff authentication credentials.


The notifyendsubs cron job in Campsite before 2

notifyendsubs | Campsite | before | cron | job |

The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attackers to sniff the password.


Software vulnerabilities results 1 to 20 of 27     
Page: 12