362 matches found
Debian DSA-144-1 : wwwoffle - improper input handling
A problem with wwwoffle has been discovered. The web proxy didn't handle input data with negative Content-Length settings properly which causes the processing child to crash. It is at this time not obvious how this can lead to an exploitable vulnerability; however, it's better to be safe than...
CVE-2004-0044
Cisco Personal Assistant 1.41 and 1.42 disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username...
CVE-2004-0044
Cisco Personal Assistant 1.4(1) and 1.4(2) are affected. The issue arises when the product’s configuration uses the Corporate Directory settings tied to Cisco CallManager’s directory service and the setting “Allow Only Cisco CallManager Users” is enabled; this causes password authentication to be...
SQL Server Cleartext 'sa' Account 'sql' Password Authentication (deprecated)
Binary data 1131.prm...
SQL Server Cleartext 'admin' Account 'password' Password Authentication (deprecated)
Binary data 1132.prm...
SQL Server Cleartext 'admin' Account 'admin' Password Authentication (deprecated)
Binary data 1127.prm...
SQL Server Cleartext 'sa' Account 'admin' Password Authentication (deprecated)
Binary data 1125.prm...
SQL Server Cleartext 'probe' Account 'probe' Password Authentication (deprecated)
Binary data 1128.prm...
SQL Server Cleartext 'sa' Account 'password' Password Authentication (deprecated)
Binary data 1123.prm...
MapInfo Discovery 1.01.1 - MapFrame.asp?mapname Cross-Site Scripting
MapInfo Discovery 1.01.1 - MapFrame.asp?mapname Cross-Site Scripting source: https://www.securityfocus.com/bid/10927/info Multiple remote vulnerabilities are reported in MapInfo Discovery. The first issue is reported to be an information disclosure vulnerability. An attacker may gain access to...
MySQL fails to properly evaluate zero-length strings in the check_scramble_323() function
Overview There is a vulnerability in the password authentication mechanism of MySQL which could allow an attacker to bypass authentication by supplying a zero-length string. Description MySQL is an open-source database system available for Microsoft Windows, Linux, and other UNIX-based operating...
F-Secure SSH Password Authentication Policy Evasion
According to its banner, the version of F-Secure SSH running on the remote host allows a user to log in using a password, even though the server policy disallows it. An attacker could exploit this flaw to run a dictionary attack against the SSH server. © Tenable Network Security, Inc...
MDaemon SMTP Server 5.0.5 - Null Password Authentication
MDaemon SMTP Server 5.0.5 - Null Password Authentication source: https://www.securityfocus.com/bid/8382/info A vulnerability has been reported to affect the MDaemon SMTP authentication handler. It has been reported that any valid username or account can be used in conjunction with a null password...
MDaemon SMTP Server 5.0.5 - Null Password Authentication
source: https://www.securityfocus.com/bid/8382/info A vulnerability has been reported to affect the MDaemon SMTP authentication handler. It has been reported that any valid username or account can be used in conjunction with a null password, to access the MDaemon SMTP server. This issue may be...
Vulnerability in OpenSSH daemon (sshd)
Overview A vulnerability in the OpenSSH daemon sshd may give remote attackers a better chance of gaining access to restricted resources. Description OpenSSH is an implementation of the Secure Shell protocol. It is used to provide strong authentication and cryptographically secure communications...
CVE-2002-0765
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password...
MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Length Account
MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Length Account source: https://www.securityfocus.com/bid/6373/info A flaw in the password authentication mechanism for MySQL may make it possible for an authenticated database user to compromise the accounts of other database users. The flaw lies in th...
MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Memory Corruption
MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Memory Corruption source: https://www.securityfocus.com/bid/6375/info MySQL is prone to a memory corruption vulnerability in the COM_CHANGE_USER command. Due to a lack of sufficient bounds checking for client responses to password authentication challenges...
MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Memory Corruption
source: https://www.securityfocus.com/bid/6375/info MySQL is prone to a memory corruption vulnerability in the COM_CHANGE_USER command. Due to a lack of sufficient bounds checking for client responses to password authentication challenges, it may be possible to corrupt sensitive regions of memory. ...