storing software vulnerabilities
vulnerabilities.aspcode.net
Searching storing software vulnerabilities
FTP Explorer uses weak encryption for storing the username, password, and profile of FTP sites.
NetZero 3.0 and earlier uses weak encryption for storing a user's login information, which allows a local user to decrypt the password.
Cerulean Studios Trillian 0.73 and earlier use weak encryption (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts.
Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors.
wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and earlier, allows remote attackers to insert arbitrary strings into trackme.txt via the (1) trackFile, (2) trackArtist, and (3) trackTitle parameters, which can result in providing false information about songs, occupying excessive disk space with very long parameter values, and storing executable code that might be invoked through a different vulnerability. NOTE: since this issue, as described by the original researcher, is entirely dependent on the presence of another vulnerability, it could be argued that Wimpy cannot be responsible for how its data file is processed by applications outside of its control. Since this issue might only be useful as a facilitator manipulation in another vulnerability, perhaps it should not be included in CVE.
debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogosearch-common 3.2.31-1 package, uses the world-readable config.dat file instead of the restricted passwords.dat for storing the cleartext database administrator password in the mnogosearch-common/database_admin_pass record, which allows local users to view the password.
Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the language parameter, related to register.php storing a language value in the users table.
The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the web page. NOTE: there are limited circumstances under which such an attack is feasible.
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file.
Software vulnerabilities results 1 to 10 of 10