Lucene search
K

859 matches found

NVD
NVD
added 2007/06/19 9:30 p.m.14 views

CVE-2007-3275

MailWasher Server before 2.2.1, when used with LDAP or Active Directory AD, does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in...

7.1CVSS6.7AI score0.01485EPSS
Exploits0References6
Cvelist
Cvelist
added 2007/06/19 9:0 p.m.23 views

CVE-2007-3275

MailWasher Server before 2.2.1, when used with LDAP or Active Directory AD, does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in...

6.7AI score0.01485EPSS
Exploits0References6
securityvulns
securityvulns
added 2007/04/11 12:0 a.m.53 views

Mltiple MIT Kerberos security vulnerabilities

telnet daemon arbitrary user logon without password, krb5klogsyslog buffer overflow, double free vulnerability...

9CVSS2.6AI score0.29842EPSS
Exploits2References6Affected Software1
securityvulns
securityvulns
added 2007/04/04 12:0 a.m.89 views

MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MIT krb5 Security Advisory 2007-001 Original release: 2007-04-03 Last update: 2007-04-03 Topic: telnetd allows login as arbitrary user Severity: CRITICAL CVE: CVE-2007-0956 CERT: VU220816 SUMMARY ======= The MIT krb5 telnet daemon telnetd allows...

10CVSS9.6AI score0.97848EPSS
Exploits14
CERT
CERT
added 2007/04/03 12:0 a.m.43 views

MIT Kerberos 5 telnet daemon allows login as arbitrary user

Overview A vulnerability exists in the version of the telnet daemon included with the MIT Kerberos 5 distribution that may allow a remote, unauthorized attacker to log on to the system with elevated privileges. Description A vulnerability exists version of the telnet daemon included with the MIT...

10CVSS9.5AI score0.29842EPSS
Exploits1References7
NVD
NVD
added 2006/10/28 12:7 a.m.18 views

CVE-2006-5597

join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows remote attackers to add or modify arbitrary user accounts via modified 1 frmMailBox and 2 frmUserPass parameters...

7.5CVSS6.8AI score0.02513EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2006/10/24 8:7 p.m.31 views

CVE-2006-5476

Cross-site request forgery CSRF vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors...

7.5CVSS6.1AI score0.01767EPSS
Exploits0References1
NVD
NVD
added 2006/10/24 8:7 p.m.16 views

CVE-2006-5474

The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset...

7.5CVSS7.1AI score0.01839EPSS
Exploits1References6
exploitpack
exploitpack
added 2006/09/20 12:0 a.m.14 views

NeoSys Neon Webmail for Java 5.065.07 - updateuser?in_id Servlet Arbitrary User Information Modification

NeoSys Neon Webmail for Java 5.065.07 - updateuser?inid Servlet Arbitrary User Information Modification source: https://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: -...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/09/20 12:0 a.m.30 views

NeoSys Neon Webmail for Java 5.06/5.07 - 'updateuser?in_id' Servlet Arbitrary User Information Modification

source: https://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: - an arbitrary-file-upload vulnerability - an arbitrary-email-manipulation vulnerability - multiple...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2006/08/21 9:0 p.m.24 views

CVE-2006-4272

Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service resource consumption via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations...

6.7AI score0.01468EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2006/08/21 12:0 a.m.10 views

PT-2006-5082 · Jelsoft · Vbulletin

Name of the Vulnerable Software and Affected Versions: Jelsoft vBulletin version 3.5.4 Description: The issue allows remote attackers to register multiple arbitrary users, potentially causing a denial of service due to resource consumption. This can be achieved by sending a large number of reques...

7.5CVSS7.5AI score0.01468EPSS
Exploits0References5
exploitpack
exploitpack
added 2006/02/14 12:0 a.m.17 views

DELTAScripts PHP Classifieds 6.20 - Member_Login.php SQL Injection

DELTAScripts PHP Classifieds 6.20 - MemberLogin.php SQL Injection source: https://www.securityfocus.com/bid/16642/info PHP Classifieds is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL...

1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/02/14 12:0 a.m.21 views

DELTAScripts PHP Classifieds 6.20 - 'Member_Login.php' SQL Injection

source: https://www.securityfocus.com/bid/16642/info PHP Classifieds is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromis...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/03/01 12:0 a.m.25 views

SUSE-SA:2005:012: imap

The remote host is missing the patch for the advisory SUSE-SA:2005:012 imap. The University of Washington imap daemon can be used to access mails remotely using the IMAP protocol. This update fixes a logical error in the challenge response authentication mechanism CRAM-MD5 used by UW IMAP. Due to...

7.5CVSS5.5AI score0.05091EPSS
Exploits0References1
exploitpack
exploitpack
added 2004/08/20 12:0 a.m.11 views

Nihuo Web Log Analyzer 1.6 - HTML Injection

Nihuo Web Log Analyzer 1.6 - HTML Injection source: https://www.securityfocus.com/bid/10988/info An HTML injection vulnerability is reported in Nihuo Web Log Analyzer. The problem occurs due to a lack of proper sanitization of user-supplied input data. Attackers may potentially exploit this issue...

7.6AI score
Exploits0
exploitpack
exploitpack
added 2002/04/27 12:0 a.m.13 views

Messagerie 1.0 - Arbitrary User Removal Denial of Service

Messagerie 1.0 - Arbitrary User Removal Denial of Service source: https://www.securityfocus.com/bid/4635/info Messagerie is a web message board application maintained by La Basse. An issue has been discovered in Messagerie, which could allow an attacker to delete arbitrary user accounts...

0.8AI score
Exploits0
Exploit DB
Exploit DB
added 2002/04/27 12:0 a.m.21 views

Messagerie 1.0 - Arbitrary User Removal Denial of Service

source: https://www.securityfocus.com/bid/4635/info Messagerie is a web message board application maintained by La Basse. An issue has been discovered in Messagerie, which could allow an attacker to delete arbitrary user accounts. Reportedly, submitting a specially crafted URL will successfully...

7.4AI score
Exploits0
CVE
CVE
added 2001/09/12 4:0 a.m.41 views

CVE-1999-1172

The vulnerability CVE-1999-1172 affects Maximizer Enterprise 4 calendar and address book. According to the provided descriptions, the issue allows arbitrary users to modify another user’s calendar during sharing, indicating an access control/authorization weakness in the calendar-sharing feature....

5CVSS7AI score0.01053EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder