859 matches found
CVE-2007-3275
MailWasher Server before 2.2.1, when used with LDAP or Active Directory AD, does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in...
CVE-2007-3275
MailWasher Server before 2.2.1, when used with LDAP or Active Directory AD, does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in...
Mltiple MIT Kerberos security vulnerabilities
telnet daemon arbitrary user logon without password, krb5klogsyslog buffer overflow, double free vulnerability...
MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MIT krb5 Security Advisory 2007-001 Original release: 2007-04-03 Last update: 2007-04-03 Topic: telnetd allows login as arbitrary user Severity: CRITICAL CVE: CVE-2007-0956 CERT: VU220816 SUMMARY ======= The MIT krb5 telnet daemon telnetd allows...
MIT Kerberos 5 telnet daemon allows login as arbitrary user
Overview A vulnerability exists in the version of the telnet daemon included with the MIT Kerberos 5 distribution that may allow a remote, unauthorized attacker to log on to the system with elevated privileges. Description A vulnerability exists version of the telnet daemon included with the MIT...
CVE-2006-5597
join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows remote attackers to add or modify arbitrary user accounts via modified 1 frmMailBox and 2 frmUserPass parameters...
CVE-2006-5476
Cross-site request forgery CSRF vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors...
CVE-2006-5474
The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset...
NeoSys Neon Webmail for Java 5.065.07 - updateuser?in_id Servlet Arbitrary User Information Modification
NeoSys Neon Webmail for Java 5.065.07 - updateuser?inid Servlet Arbitrary User Information Modification source: https://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: -...
NeoSys Neon Webmail for Java 5.06/5.07 - 'updateuser?in_id' Servlet Arbitrary User Information Modification
source: https://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: - an arbitrary-file-upload vulnerability - an arbitrary-email-manipulation vulnerability - multiple...
CVE-2006-4272
Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service resource consumption via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations...
PT-2006-5082 · Jelsoft · Vbulletin
Name of the Vulnerable Software and Affected Versions: Jelsoft vBulletin version 3.5.4 Description: The issue allows remote attackers to register multiple arbitrary users, potentially causing a denial of service due to resource consumption. This can be achieved by sending a large number of reques...
DELTAScripts PHP Classifieds 6.20 - Member_Login.php SQL Injection
DELTAScripts PHP Classifieds 6.20 - MemberLogin.php SQL Injection source: https://www.securityfocus.com/bid/16642/info PHP Classifieds is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL...
DELTAScripts PHP Classifieds 6.20 - 'Member_Login.php' SQL Injection
source: https://www.securityfocus.com/bid/16642/info PHP Classifieds is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromis...
SUSE-SA:2005:012: imap
The remote host is missing the patch for the advisory SUSE-SA:2005:012 imap. The University of Washington imap daemon can be used to access mails remotely using the IMAP protocol. This update fixes a logical error in the challenge response authentication mechanism CRAM-MD5 used by UW IMAP. Due to...
Nihuo Web Log Analyzer 1.6 - HTML Injection
Nihuo Web Log Analyzer 1.6 - HTML Injection source: https://www.securityfocus.com/bid/10988/info An HTML injection vulnerability is reported in Nihuo Web Log Analyzer. The problem occurs due to a lack of proper sanitization of user-supplied input data. Attackers may potentially exploit this issue...
Messagerie 1.0 - Arbitrary User Removal Denial of Service
Messagerie 1.0 - Arbitrary User Removal Denial of Service source: https://www.securityfocus.com/bid/4635/info Messagerie is a web message board application maintained by La Basse. An issue has been discovered in Messagerie, which could allow an attacker to delete arbitrary user accounts...
Messagerie 1.0 - Arbitrary User Removal Denial of Service
source: https://www.securityfocus.com/bid/4635/info Messagerie is a web message board application maintained by La Basse. An issue has been discovered in Messagerie, which could allow an attacker to delete arbitrary user accounts. Reportedly, submitting a specially crafted URL will successfully...
CVE-1999-1172
The vulnerability CVE-1999-1172 affects Maximizer Enterprise 4 calendar and address book. According to the provided descriptions, the issue allows arbitrary users to modify another user’s calendar during sharing, indicating an access control/authorization weakness in the calendar-sharing feature....