1855 matches found
CVE-2002-0765
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password...
CVE-2002-0676
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates...
CVE-2001-0553
SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field...
CVE-2002-0588
PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php...
Problem when signing up for new user Account from login page
I signed up for a new user account from the login page, filled in a username, password, name and e-mail. Then I tried to log in with the new username and got this exception: java.lang.NullPointerException at com.opensymphony.module.user.User.getGroups(User.java:94) at...
Security issue with GroupWise 6 and LDAP authentication in PostOffice
Issue: Any user can log in to any GroupWise account. Environment: GroupWise 6 Post Office using LDAP authentication AND security configuration of PostOffice leaves LDAP User Name and Password fields blank in the Post Office Agent object in ConsoleOne. Exploit: Run GroupWise as any user either...
Citrix Nfuse 1.6 - Published Applications Information Leak
source: https://www.securityfocus.com/bid/3926/info Citrix Nfuse is an application portal server meant to provide the functionality of any application on the server via a web browser. Nfuse works in conjunction with a previously-installed webserver. If a request for 'applist.asp' is submitted...
Vulnerability in Amtote International homebet self service wagering system.
Product Description: Internet-based account wagering interface utilizing HTML and JAVA web based applications. The HTML functionality includes viewing current account balances, viewing current odds by track, placing wagers, reviewing wagers, and viewing official results/prices by track. The JAVA...
CVE-2001-0077
The clustmon service in Sun Cluster 2.x does not require authentication, which allows remote attackers to obtain sensitive information such as system logs and cluster configurations...
CVE-2001-1169
keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo...
SSH Secure Shell sshd2 does not adequately authenticate logins to accounts with encrypted password fields containing two or fewer characters
Overview: A vulnerability exists in SSH Secure Shell that allows an intruder to log in to an account which contains a stored encrypted password of two or fewer characters in length. An intruder may leverage the privileges of such an account to gain full control of the system. Description: Certain Unix...
URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
Dear Secure Shell Community, A potential remote root exploit has been discovered in SSH Secure Shell 3.0.0, for Unix only, concerning accounts with password fields consisting of two or fewer characters. Unauthorized users could potentially log in to...
poprelayd and sendmail relay authentication problem (Cobalt Raq3)
Hi to all, Poprelayd is a simple script that scans /var/log/maillog for valid pop logins and updates a hash db used by sendmail to permit relaying for those valid pop users, this method is called "Pop-before-smtp". The syslog string searched by the script is in this form for the qpop server /POP...
[SECURITY] [DSA 043-2] New versions of Zope fix vulnerabilities
Debian Security Advisory DSA-043-2, http://www.debian.org/security/, Martin Schulze, April 26, 2001. Packages: zope...
Solaris 8 pam_ldap.so.1 module broken
I looked through the archives back to November 2000 and didn't see this mentioned. Apologies if it's there and I missed it. Sunsolve has bugid 4384816 on file regarding this issue. It's been known since 06-Nov-2000 with a status of 'Evaluated' but no workaround or other information, helpful or...
CVE-2000-0278
The CVE-2000-0278 entry concerns SalesLogix Eviewer’s slxweb.dll admin CGI, which can be triggered remotely without authentication to cause a denial of service. Connected NASL details specify that requesting GET /scripts/slxweb.dll/admin?command=shutdown crashes the remote host, indicating a remo...
aim.caching.txt
Author: f3d. Program: AOL Instant Messenger Servers/Clients. Fault: Caching vulnerability. OS: Win/BSD/Aim compatible. Problem: There is a vulnerability in AOL Insta...
Hole in cyrus-sasl
Authenticated users can access any resources...
CVE-2000-0689
Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter...