NotCVE - vendor:"Passwd" product:"Passwd" version:"1.2"

2 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 2

CVE-2009-2360 – Horde 3.1 - 'Passwd' Module Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2009-2360

Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Passwd anteriores a v3.1.1 de Horde, permite a los atacantes remotos inyectar código web o HTML a través del parametro backend • https://www.exploit-db.com/exploits/33065 http://bugs.horde.org/ticket/8398 http://lists.horde.org/archives/announce/2009/000507.html http://secunia.com/advisories/35720 http://secunia.com/advisories/35769 http://www.debian.org/security/2009/dsa-1829 http://www.securityfocus.com/bid/35573 http://www.vupen.com/english/advisories/2009/1784 https://exchange.xforce.ibmcloud.com/vulnerabilities/51542 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2000-0492 – PassWD 1.2 - Weak Encryption

https://notcve.org/view.php?id=CVE-2000-0492

PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, which allows an attacker who can read the password file to easliy decrypt the passwords. • https://www.exploit-db.com/exploits/19989 http://archives.neohapsis.com/archives/bugtraq/2000-05/0450.html http://www.securityfocus.com/bid/1300 •