Lucene search
K

101 matches found

OSV
OSV
added 2004/12/31 5:0 a.m.6 views

CVE-2004-1440

Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow 1 remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, an...

8.2AI score
Exploits0References7
securityvulns
securityvulns
added 2004/08/30 12:0 a.m.36 views

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control Server

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control Server Revision 1.1 Last Updated 2004 August 25 1630 UTC GMT For Public Release 2004 August 25 1600 UTC GMT -...

0.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/07/31 12:0 a.m.35 views

Mandrake Linux Security Advisory : krb5 (MDKSA-2003:043-1)

Multiple vulnerabilities have been found in the Kerberos network authentication system. The MIT Kerberos team have released an advisory detailing these vulnerabilities, a description of which follows. An integer signedness error in the ASN.1 decoder before version 1.2.5 allows remote attackers to...

7.5CVSS8AI score0.15031EPSS
Exploits1References12
CERT
CERT
added 2004/06/02 12:0 a.m.21 views

MIT Kerberos 5 krb5_aname_to_localname() contains several heap overflows

Overview MIT Kerberos 5 contains several heap buffer overflow vulnerabilities in code that translates Kerberos principal names to local UNIX account names. An authenticated, remote attacker could execute arbitrary code on a vulnerable system with root privileges. Description MIT Kerberos 5 contai...

7.9AI score
Exploits0References3
Exploit DB
Exploit DB
added 2003/10/31 12:0 a.m.45 views

Citrix Metaframe XP - Cross-Site Scripting

source: https://www.securityfocus.com/bid/8939/info Citrix Metaframe XP is prone to cross-site scripting attacks when returning error messages to users. The error message is generated when invalid authentication credentials are transmitted to the log-in page. Exploitation of this issue could...

7.4AI score
Exploits0
NVD
NVD
added 2003/08/18 4:0 a.m.11 views

CVE-2003-0515

SQL injection vulnerabilities in the 1 PostgreSQL or 2 MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges...

7.5CVSS8.4AI score0.01031EPSS
Exploits0References1
NVD
NVD
added 2003/04/11 4:0 a.m.13 views

CVE-2002-1416

The POP3 service for WebEasyMail 3.4.2.2 and earlier generates diffferent error messages for valid and invalid usernames during authentication, which makes it easier for remote attackers to conduct brute force attacks...

5CVSS6.7AI score0.01772EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2003/04/02 9:57 a.m.11 views

Critical: Red Hat Security Advisory: : Updated kerberos packages fix various vulnerabilities

Updated Kerberos packages for Red Hat Linux 9 fix a number of vulnerabilities found in MIT Kerberos. Kerberos is a network authentication system. The MIT Kerberos team released an advisory describing a number of vulnerabilities that affect the kerberos packages shipped as part of Red Hat Linux 9...

7.5CVSS7.3AI score0.15031EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2003/03/27 7:43 p.m.50 views

Critical: Red Hat Security Advisory: krb5 security update

Updated kerberos packages fix a number of vulnerabilities found in MIT Kerberos. Kerberos is a network authentication system. The MIT Kerberos team released an advisory describing a number of vulnerabilities that affect the kerberos packages shipped by Red Hat. An integer signedness error in the...

9.8CVSS7.4AI score0.15031EPSS
Exploits1References6
securityvulns
securityvulns
added 2002/08/08 12:0 a.m.24 views

iDEFENSE Security Advisory: iSCSI Default Configuration File Settings

iDEFENSE Security Advisory 08.08.2002 iSCSI Default Configuration File Settings DESCRIPTION iSCSI is a popular new protocol that allows the SCSI protocol to be used over traditional IP networks. This allows for SAN like storage arrays without requiring new network infrastructure. iSCSI’s primary...

7.2AI score
Exploits0
Cvelist
Cvelist
added 2002/06/25 4:0 a.m.26 views

CVE-2002-0066

Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges...

6.9AI score0.01635EPSS
Exploits0References3
securityvulns
securityvulns
added 2001/08/30 12:0 a.m.24 views

RUS-CERT Advisory 2001-08:01

Vulnerabilities in several Apache authentication modules RUS-CERT has discovered that several Apache authentication modules which use SQL databases to store authentication information are vulnerable to a remote SQL code injection attack. Systems Affected Any Apache server using database-based...

1AI score
Exploits0
Exploit DB
Exploit DB
added 2001/06/18 12:0 a.m.173 views

DC Scripts DCShop Beta 1.0 02 - File Disclosure (2)

source: https://www.securityfocus.com/bid/2889/info DCShop is a GCI-based ecommerce system from DCScripts. Under certain configurations, a beta version of this product can allow a remote user to request and obtain files containing confidential order data, including credit card and other private...

7.4AI score
Exploits0
CERT
CERT
added 2001/04/10 12:0 a.m.29 views

Alcatel ADSL modems provide EXPERT administrative account with an easily reversible encrypted password

Overview The San Diego Supercomputer Center SDSC has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line ADSL modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of...

7.8AI score
Exploits0References3
Packet Storm
Packet Storm
added 2001/04/07 12:0 a.m.50 views

ccc_harvest.txt

-= Zero Tolerance Technologies T Security Advisory =- Reference: ZTT-SA01-27032001 Author: Richard Scott, [email protected] Product: Computer Associates' CCC\Harvest Source Code control software http://ca.com/products/cccharvest.htm http://ca.com/products/descriptions/cccharvest.pdf...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2001/02/16 12:0 a.m.51 views

BindView Advisory: MITM Attacks Against Novell NetWare

MITM Attacks Against Novell NetWare ----------------------------------- Issue Date: 15Feb2001 Contact: Simple Nomad [email protected] http://razor.bindview.com/publish/advisories/advNovellMITM.html Topic: ------ Man-in-the-middle Attack can reveal password hashes and private keys in...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2000/05/18 12:0 a.m.60 views

Advisory CA-2000-06

CERT Advisory CA-2000-06 Multiple Buffer Overflows in Kerberos Authenticated Services Original release date: May 17, 2000 Last revised: -- Source: The MIT Kerberos Team, CERT/CC A complete revision history is at the end of this file. Systems Affected Systems running services authenticated via...

0.8AI score
Exploits0
Cisco
Cisco
added 1999/12/16 4:0 p.m.13 views

Cisco Cache Engine Authentication Vulnerabilities

...

3AI score
Exploits0References1
exploitpack
exploitpack
added 1998/12/25 12:0 a.m.13 views

Microsoft IIS 3.04.0 - Upgrade BDIR.HTR

Microsoft IIS 3.04.0 - Upgrade BDIR.HTR source: https://www.securityfocus.com/bid/2280/info Microsoft Internet Information Server IIS 3.0 came with a series of remote administration scripts installed in /scripts/iisadmin off the web root directory. ism.dll is required for processing these scripts...

7.4AI score
Exploits0
Cisco
Cisco
added 1997/10/01 4:0 p.m.16 views

Cisco CHAP Authentication Vulnerabilities

...

2.4AI score
Exploits0References1
Rows per page
Query Builder