|
317551
|
- |
|
cgiscript
|
cssearch_professional
|
csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file th…
|
CWE-94
Code Injection
|
CVE-2002-0495
|
2024-02-14 01:20 |
2002-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317552
|
9.8 |
CRITICAL
Network
|
xitami
|
xitami
|
Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2001-1481
|
2024-02-14 01:20 |
2001-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317553
|
7.5 |
HIGH
Network
|
ipswitch
|
imail
|
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2005-2160
|
2024-02-14 01:19 |
2005-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317554
|
- |
|
cutephp
|
cutenews
|
Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a temp…
|
CWE-94
Code Injection
|
CVE-2005-1876
|
2024-02-14 01:19 |
2005-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317555
|
- |
|
flatnuke
|
flatnuke
|
Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be…
|
CWE-94
Code Injection
|
CVE-2005-1894
|
2024-02-14 01:19 |
2005-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317556
|
7.5 |
HIGH
Network
|
symfony
|
twig
|
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication inform…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2001-1537
|
2024-02-14 01:19 |
2001-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317557
|
7.5 |
HIGH
Network
|
dlink
|
dsl-504t_firmware
|
D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2005-1828
|
2024-02-14 01:17 |
2005-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317558
|
7.5 |
HIGH
Network
|
broadcom
|
bluecoat_security_gateway
|
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which all…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2004-2397
|
2024-02-14 01:17 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317559
|
- |
|
myupb
|
ultimate_php_board
|
Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is execute…
|
CWE-94
Code Injection
|
CVE-2003-0395
|
2024-02-14 01:14 |
2003-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317560
|
5.5 |
MEDIUM
Local
|
capturix
|
scanshare
|
Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2005-2209
|
2024-02-14 01:09 |
2005-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
