stealing software vulnerabilities
vulnerabilities.aspcode.net
Searching stealing software vulnerabilities
PHP-Nuke 5.1 stores user and administrator pass
administrator
|
privileges
|
passwords
|
attackers
|
stealing
|
sniffing
|
decoding
|
PHP-Nuke
|
base-64
|
encoded
|
stores
|
remote
|
cookie
|
could
|
which
|
allow
|
user
|
gain
|
PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it.
CGIScript.net csPassword.cgi stores usernames a
passwordcgitmp
|
csPasswordcgi
|
CGIScriptnet
|
unencrypted
|
modifying
|
temporary
|
usernames
|
passwords
|
stores
|
which
|
could
|
allow
|
while
|
users
|
local
|
file
|
data
|
CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed.
Yet Another Bulletin Board (YaBB) 1.40 and 1.41
Bulletin
|
Another
|
Board
|
Yet
|
Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php.
Snitz Forums 3.4.03 and earlier allows attacker
Forums
|
Snitz
|
Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID.
SQL injection vulnerability in the PostgreSQL a
authentication
|
vulnerability
|
PostgreSQL
|
injection
|
module
|
SQL
|
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
Horde before 2.2.4 allows remote malicious web
before
|
Horde
|
Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.
Phorum allows remote attackers to hijack sessio
phorum_uriauth
|
demonstrated
|
profilephp
|
replaying
|
parameter
|
attackers
|
stealing
|
sessions
|
session
|
hijack
|
remote
|
allows
|
Phorum
|
using
|
users
|
other
|
hash
|
Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected version was reported to be 4.3.7, but this may be erroneous.
Cross-site scripting (XSS) vulnerability in ind
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords.
EMC RSA Security SiteKey issues challenge-bypas
challenge-bypass
|
authentication
|
cancellation
|
replaying
|
interface
|
attackers
|
Security
|
stealing
|
without
|
SiteKey
|
persist
|
forever
|
bypass
|
easier
|
issues
|
tokens
|
token
|
stage
|
users
|
which
|
makes
|
RSA
|
EMC
|
one
|
end
|
EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token.
Software vulnerabilities results 1 to 10 of 10
Page:
1