CVE-2003-0982

CVE-2003-0982 refers to a buffer overflow in Cisco ACNS authentication module. Affected versions are ACNS 4.x before 4.2.11 and 5.x before 5.0.5, where sending an overly long password can allow a remote attacker to execute arbitrary code on the device. The Cisco advisory notes fix upgrades to 4.2...

CVE-2003-0982

Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password...

CVE-2003-0500

SQL injection vulnerability in the PostgreSQL authentication module modsqlpostgres for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name...

Apache HTTPD contains denial of service vulnerability in basic authentication module

Overview The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to to conduct denial-of-service attacks on the HTTP basic authentication module of an affected server. Description The Apache HTTP server contains a denial-of-service vulnerability in the...

DEBIAN-CVE-2003-0189

The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the cryptr or crypt functions, which allows remote attackers to cause a denial of service failed Basic authentication with valid usernames and passwords when a threaded MPM is use...

CVE-2003-0189

The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the cryptr or crypt functions, which allows remote attackers to cause a denial of service failed Basic authentication with valid usernames and passwords when a threaded MPM is use...

DEBIAN-CVE-2003-0190

OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...

login_ldap security announcement

Sebastian Stark from Directory Applications for Advanced Security and Information Management http://www.daasi.de has found a serious issue with loginldap, affecting all versions. loginldap is a BSD Authentication module for authenticating users off an LDAP server, and runs on OpenBSD and BSD/OS. ...

DEBIAN-CVE-2003-0040

SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name...

CVE-2001-1354

The CVE-2001-1354 entry concerns the NetWin Authentication module (NWAuth) versions 2.0 and 3.0b, as implemented in SurgeFTP and DMail (and possibly other packages). The root cause is weak password hashing used by NWAuth, which could enable local users to decrypt stored passwords or to log in wit...

CVE-2001-1354

NetWin Authentication module NWAuth 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password...

CVE-2001-1355

Buffer overflows in NetWin Authentication Module NWAuth 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to 1 the -del command or 2 the -lookup command...

ldap vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --- Blackshell Advisory 5 --- Local Format String Vuln in pamldap and remote in squidauthldap - --- Blackshell Advisory 5 --- - --- Versions Affected --- pamldap: 143 prior vendor status: nil squidauthldap: 2.0 prior vendor status: nil - --- What is...

Многочисленные уязвимости в NetWin Authentication Module (weak encryption, buffer overflow)

Многочисленные уязвимости: обратимое шифрование паролей, плохой хэш, переполнения буфера...

CVE-2001-1355

Buffer overflows in NetWin Authentication Module NWAuth 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to 1 the -del command or 2 the -lookup command...

CVE-2001-1354

NetWin Authentication module NWAuth 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password...

NetWin DMail 2.x / SurgeFTP 1.0/2.0 - Weak Password Encryption

// source: https://www.securityfocus.com/bid/3075/info The Netwin Authentication module, or NWAuth, is an external authentication module used by several Netwin products. A simple one-way hash function is used by NWAuth to perform password encryption operations. As a result, it is trivial for an...

NetWin DMail 2.x SurgeFTP 1.02.0 - Weak Password Encryption

NetWin DMail 2.x SurgeFTP 1.02.0 - Weak Password Encryption // source: https://www.securityfocus.com/bid/3075/info The Netwin Authentication module, or NWAuth, is an external authentication module used by several Netwin products. A simple one-way hash function is used by NWAuth to perform passwor...

DEBIAN-CVE-2001-1459

OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module PAM session if commands are executed with no pty, which allows local users to bypass resource limits rlimits set in pam.d...

Access Restriction Bypass

Overview Affected versions of this package are vulnerable to Access Restriction Bypass. OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module PAM session if commands are executed with no pty, which allows local users to bypass resource limits rlimits set in pam.d. Remediatio...