Lucene search
K

3063 matches found

NVD
NVD
•added 2001/02/12 5:0 a.m.•19 views

CVE-2001-0003

Web Extender Client WEC in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication"...

5CVSS6.5AI score0.08099EPSS
Exploits0References3
securityvulns
securityvulns
•added 2001/02/10 12:0 a.m.•37 views

Authentication By-Pass Vulnerability in OpenSSH-2.3.1 (devel snapshot)

Please, check http://www.openssh.com/security.html for a full summary of security related issues in OpenSSH. ---------------------------------------------------------------------------- OpenBSD Security Advisory February 8, 2001 Authentication By-Pass Vulnerability in OpenSSH-2.3.1...

0.6AI score
Exploits0
CERT
CERT
•added 2001/02/06 12:0 a.m.•32 views

SSH authentication agent follows symlinks via a UNIX domain socket

Overview Older versions of SSH allow local attackers to to establish ssh sessions as the victim user without authentication. Description The text of this document was originally released on January 20, 1998, as SNI-23, developed by Secure Networks, Inc. SNI. To more widely broadcast this...

2.1CVSS6.2AI score0.01015EPSS
Exploits0References1
Cvelist
Cvelist
•added 2001/01/22 5:0 a.m.•17 views

CVE-2000-1097

The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page...

6.8AI score0.0179EPSS
Exploits0References5
NVD
NVD
•added 2000/11/14 5:0 a.m.•13 views

CVE-2000-0843

Buffer overflow in pamsmb and pamntdom pluggable authentication modules PAM allow remote attackers to execute arbitrary commands via a login with a long user name...

10CVSS8AI score0.06542EPSS
Exploits0References6
CERT
CERT
•added 2000/11/02 12:0 a.m.•17 views

SystemWizard Registry Object ActiveX Control lacks authentication

Overview Description The SystemWizard "Registry Object" ActiveX Control may allow attackers to modify the registry on systems where the control is installed. This control was shipped on HP Pavilion computers running Windows 98, as part of a diagnostic application named "SystemWizard" produced by...

7.5CVSS6.1AI score0.0211EPSS
Exploits0References3
securityvulns
securityvulns
•added 2000/10/24 12:0 a.m.•47 views

[CORE SDI ADVISORY] MySQL weak authentication

CORE SDI http://www.core-sdi.com Vulnerability Report for MySQL Authentication Vulnerability Date Published: 2000-10-23 Advisory ID: CORE-20001023 Bugtraq ID: 1826 CVE CAN: Not currently assigned. Title: MySQL Authentication Vulnerability Class: Design Error Remotely Exploitable: Yes Locally...

6.8AI score
Exploits0
NVD
NVD
•added 2000/10/20 4:0 a.m.•9 views

CVE-2000-0757

The sysgen service in Aptis Totalbill does not perform authentication, which allows remote attackers to gain root privileges by connecting to the service and specifying the commands to be executed...

10CVSS7.2AI score0.04091EPSS
Exploits1References2
NVD
NVD
•added 2000/10/20 4:0 a.m.•18 views

CVE-2000-0696

The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script...

7.5CVSS6.7AI score0.07177EPSS
Exploits1References5
Cvelist
Cvelist
•added 2000/10/13 4:0 a.m.•29 views

CVE-2000-0627

BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as userupdatepasswd.pl and userupdateadmin.pl...

6.2AI score0.01472EPSS
Exploits1References4
Cvelist
Cvelist
•added 2000/10/13 4:0 a.m.•30 views

CVE-2000-0673

The NetBIOS Name Server NBNS protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability...

6.7AI score0.38209EPSS
Exploits1References5
CERT
CERT
•added 2000/09/26 12:0 a.m.•39 views

telnet and rlogin URLs disclose sensitive information, including Environment variables

Overview Some telnet clients may disclose sensitive information in environment variables Description Web browsers can be configured to respond to certian protocol types through the use of a helper application. In this case, web browsers can respond to telnet: URLs with the use of a helper...

2.6CVSS5.6AI score0.01166EPSS
Exploits1References1
Cvelist
Cvelist
•added 2000/09/21 4:0 a.m.•18 views

CVE-2000-0688

Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter...

6.9AI score0.0781EPSS
Exploits1References4
Exploit DB
Exploit DB
•added 2000/08/28 12:0 a.m.•25 views

Kerberos 4 4.0/5 5.0 - KDC Spoofing

source: https://www.securityfocus.com/bid/1616/info Kerberos is a cryptographic authentication protocol that allows users of a network to access services without transmitting cleartext passwords. A common implementation of the protocol includes a login service which is vulnerable to an attack whi...

7.4AI score
Exploits0
securityvulns
securityvulns
•added 2000/08/22 12:0 a.m.•28 views

Darxite daemon remote exploit/DoS problem

Darxite daemon remote exploit/DoS problem + Advisory by dethy www.synnergy.net |=============================================| Vulnerable: Darxite All versions up to and including 0.4 Discovery : [email protected] Exploits : Scrippie & dethy Description ----------- "Darxite" is a daemon, written...

0.1AI score
Exploits0
Exploit DB
Exploit DB
•added 2000/08/21 12:0 a.m.•25 views

PHP-Nuke 1.0/2.5 - Administrative Privileges

source: https://www.securityfocus.com/bid/1592/info PHP-Nuke is a website creation/maintainence tool written in PHP3. It is possible to elevate priviliges in this system from normal user to administrator due to a flaw in authentication code. The problem occurs here: $aid = variable holding author...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2000/08/15 12:0 a.m.•25 views

VIGILANTE-2000005.txt

Watchguard Firebox Authentication DoS Advisory Code: VIGILANTE-2000005 Release Date: August 15, 2000 Systems Affected: Tested on the newest version of the Watchguard Firebox II that was on the 22nd of June, but it is very likely that this bug exists in all prior versions that include the...

7.4AI score
Exploits0
exploitpack
exploitpack
•added 2000/08/08 12:0 a.m.•14 views

Sun AnswerBook2 1.4.21.4.31.4.4 - Administration Interface Access

Sun AnswerBook2 1.4.21.4.31.4.4 - Administration Interface Access source: https://www.securityfocus.com/bid/1554/info A lack of authentication checks for certain scripts within the administration interface of AnswerBook2 versions 1.4.2 and prior, for Solaris, allows remote users to create...

0.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
•added 2000/08/02 12:0 a.m.•20 views

ipop2d fold Command Arbitrary File Access

The remote pop2 server allows the reading of arbitrary files for authenticated users, using the 'fold' command. C Tenable Network Security, Inc. Theory : - log into the remote server - fold /etc/passwd - read 1 - retr We only check the banner for this flaw include"compat.inc"; ifdescription...

5.5AI score
Exploits0
NVD
NVD
•added 2000/07/27 4:0 a.m.•36 views

CVE-2000-0673

The NetBIOS Name Server NBNS protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability...

5CVSS6.7AI score0.38209EPSS
Exploits1References5
Rows per page
Query Builder