Searching steal software vulnerabilities

Common Cryptographic Architecture (CCA) in IBM

Cryptographic | Architecture | Common |

Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker with physical access to the system and Combine_Key_Parts permissions, to steal DES and 3DES keys by using a brute force attack to create a 3DES exporter key.


Cross-site scripting vulnerability in Infopop U

vulnerability | Cross-site | scripting | Ultimate | Bulletin | Infopop | Board |

Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.


The License Manager (mathlm) for Mathematica 4.

Manager | License |

The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to bypass access control (specified by the -restrict argument) and steal a license via a client request that includes the name of a host that is allowed to obtain the license.


AmTote International homebet program stores the

International | homebetlog | directory | attackers | homebet/ | virtual | account | numbers | program | homebet | remote | AmTote | stores | allows | steal | which | file | PIN |

AmTote International homebet program stores the homebet.log file in the homebet/ virtual directory, which allows remote attackers to steal account and PIN numbers.


Horde Internet Messaging Program (IMP) before 2

Messaging | Internet | Program | Horde |

Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.


Cross-site scripting vulnerability in Infopop U

vulnerability | Cross-site | scripting | Ultimate | Bulletin | Infopop | Board |

Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.


Cross-site scripting in PostCalendar 3.02 allow

PostCalendar | Cross-site | scripting |

Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page.


Cross-site scripting vulnerability in viewcvs.c

vulnerability | viewcvscgi | Cross-site | scripting | ViewCVS |

Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters.


Multiple cross-site scripting vulnerabilities i

vulnerabilities | cross-site | ezContents | scripting | Multiple |

Multiple cross-site scripting vulnerabilities in ezContents 1.41 and earlier allow remote attackers to execute script and steal cookies via the diary and other capabilities.


MidiCart stores the midicart.mdb database file

midicartmdb | information | requesting | sensitive | attackers | document | directly | database | MidiCart | remote | stores | allows | under | steal | which | file | root | Web |

MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database.


Unknown vulnerability in the System Serial Cons

vulnerability | terminal | Console | Unknown | Solaris | System | Serial |

Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information.


Demarc Puresecure 1.6 stores authentication inf

authentication | information | privileges | Puresecure | plaintext | attackers | passwords | logging | allows | Demarc | stores | server | names | which | steal | login | gain |

Demarc Puresecure 1.6 stores authentication information for the logging server in plaintext, which allows attackers to steal login names and passwords to gain privileges.


SQL injection vulnerability in viewtopic.php fo

vulnerability | viewtopicphp | injection | phpBB | SQL |

SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter.


Horde before 2.2.4 allows remote malicious web

before | Horde |

Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.


Einstein 1.0 stores credit card information in

world-readable | information | walletsdat | plaintext | Einstein | allows | stores | credit | steal | local | users | which | card | file |

Einstein 1.0 stores credit card information in plaintext in the world-readable wallets.dat file, which allows local users to steal the information.


Hosting Controller 6.1 HotFix 2.0 and earlier a

UserProfileasp | updateprofile | emailaddress | privileges | Controller | passwords | parameter | attackers | modified | earlier | Hosting | HotFix | action | allows | remote | steal | gain | via |

Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp.


Krusader 1.50-beta1 up to 1.70.0 stores passwor

150-beta1 | Krusader |

Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file.


Battlefront Dropteam 1.3.3 and earlier sends th

Battlefront | Dropteam |

Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information.


Software vulnerabilities results 1 to 20 of 100     
Page: 123456