510 matches found
CVE-2006-6435
The CVE affects Xerox WorkCentre/WorkCentre Pro SNMP: versions prior to 12.050.03.000, 13.x prior to 13.050.03.000, and 14.x prior to 14.050.03.000 do not generate authentication failure traps, enabling remote attackers to perform brute-force login attempts to gain system access and obtain sensit...
security flaw
pamldap in nssldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pamauthenticate function to return a success cod...
Secure Elements Class 5 AVR server fails to properly authenticate session start messages
Overview The Secure Elements Class 5 AVR server fails to properly authenticate "session start" messages. This may allow an attacker to cause the server to initiate TCP connections to arbitrary destinations, which can cause a denial of service to both the server and the specified target. Descripti...
CVE-2004-1611
SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to 1 execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle MITM attack, or 2 obtain the database password via a GetConnection...
[SECURITY] [DSA 269-2] New heimdal packages fix authentication failure
-------------------------------------------------------------------------- Debian Security Advisory DSA 269-2 [email protected] http://www.debian.org/security/ Martin Schulze April 9th, 2003 http://www.debian.org/security/faq -...
CVE-2001-1359
CVE-2001-1359 affects Volution clients 1.0.7 and earlier. When LDAP authentication fails, these clients contact the CCD, enabling remote attackers operating a Trojan horse Volution server to fully control the client. No explicit exploit details or patch information are provided in the supplied do...
[SECURITY] [DSA 273-1] New krb4 packages fix authentication failure
-------------------------------------------------------------------------- Debian Security Advisory DSA 273-1 [email protected] http://www.debian.org/security/ Martin Schulze March 28th, 2003 http://www.debian.org/security/faq -...
3Com SuperStack II RAS 1500 - Unauthorized Access
3Com SuperStack II RAS 1500 - Unauthorized Access source: https://www.securityfocus.com/bid/7176/info A vulnerability has been reported in 3Com RAS 1500 router that may allow attackers to access sensitive data. Specifically, RAS 1500 devices fail to carry out authentication when requests are made...
Fata-jack - new 802.11b wireless DoS
Authentication-Failed packets from access points are spoofed. It causes access denial for client and sometimes hang of client driver or software...
CVE-2002-0669
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIPAUTHENTICATESCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs...
CVE-2002-0669
The CVE-2002-0669 issue affects Pingtel xpressa SIP-based phones (versions 1.2.5–1.2.7.4). By changing SIP_AUTHENTICATE_SCHEME, an attacker can force authentication of incoming calls, causing a denial of service where neither caller nor callee is informed of the failure. The vulnerability stems f...
CVE-2002-0669
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIPAUTHENTICATESCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs...
PHPNuke 'admin.php' script does not adequately authenticate users, thereby allowing malicious user to copy, move, or upload files
Overview PHPNuke's "admin.php" script does not properly authenticate users of its filemanager capabilities. Attackers may exploit this vulnerability to copy, move, or upload files. Description PHPNuke is a set of PHP scripts designed to simplify website creation and maintenance. The "admin.php"...
Have JIRA delete cookie when user authentication fails
I would like to suggest that if JIRA loads the user details id and password from a cookie and attempts to authenticate and fails then JIRA should delete the cookie. The logic behind this is: We are using LDAP for authentication to Novell's NDS and if a user gets JIRA to remember their id and...
Ben Chivers Easy Homepage Creator 1.0 - File Modification
Ben Chivers Easy Homepage Creator 1.0 - File Modification source: https://www.securityfocus.com/bid/5340/info The vulnerability has been reported for Easy Homepage Creator. It is possible for an atttacker to modify any user's home page. The vulnerability is the result of Homepage Creator failing ...
LDAP Connection Leak in CTI when User Authentication Fails
...
CVE-2002-0134
CVE-2002-0134 describes an insecure telnet proxy in Avirt Gateway Suite 4.2 where the proxy does not require authentication. This allows remote attackers to connect to the proxy system, list file contents, and execute arbitrary commands via the “dos” command. The vulnerability is reflected across...
VulnCheck KEV: CVE-2002-0367
smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges...
CVE-2001-1507
OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged...
qpopper and pam.d
Hello, Take a look at the two sessions I have with Qpopper on a Redhat Linux 7.x box from an RPM package of version 4.0.1. Existing account: root@bart /etc telnet 10.10.10.1 110 Trying 10.10.10.1... Connected to 10.10.10.1. Escape character is '^'. +OK ready [email protected] user...