|
318031
|
9.8 |
CRITICAL
Network
|
arkeia
|
network_backup
|
Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2005-0496
|
2024-02-14 01:48 |
2005-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318032
|
- |
|
iisprotect
|
iisprotect
|
SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certai…
|
CWE-89
SQL Injection
|
CVE-2003-0377
|
2024-02-14 01:47 |
2003-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318033
|
9.8 |
CRITICAL
Network
|
linksys
|
wap54g_firmware
|
Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitr…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2010-1573
|
2024-02-14 01:43 |
2010-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318034
|
5.5 |
MEDIUM
Local
|
pgp
|
personal_privacy
|
Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Alw…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2002-1696
|
2024-02-14 01:20 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318035
|
- |
|
cgiscript
|
cssearch_professional
|
csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file th…
|
CWE-94
Code Injection
|
CVE-2002-0495
|
2024-02-14 01:20 |
2002-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318036
|
9.8 |
CRITICAL
Network
|
xitami
|
xitami
|
Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2001-1481
|
2024-02-14 01:20 |
2001-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318037
|
7.5 |
HIGH
Network
|
ipswitch
|
imail
|
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2005-2160
|
2024-02-14 01:19 |
2005-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318038
|
- |
|
cutephp
|
cutenews
|
Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a temp…
|
CWE-94
Code Injection
|
CVE-2005-1876
|
2024-02-14 01:19 |
2005-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318039
|
- |
|
flatnuke
|
flatnuke
|
Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be…
|
CWE-94
Code Injection
|
CVE-2005-1894
|
2024-02-14 01:19 |
2005-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318040
|
7.5 |
HIGH
Network
|
symfony
|
twig
|
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication inform…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2001-1537
|
2024-02-14 01:19 |
2001-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
