CVE-1999-1076

The CVE-1999-1076 issue concerns idle locking in MacOS 9. A local attacker can bypass password protection of an idled session by choosing Log Out and then Cancel in the logout-confirm dialog, which returns them to the locked session. Documents consistently reference MacOS 9 as affected and descri...

CVE-1999-1076

Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into th...

Cisco Multiple Devices Unpassworded Account

The remote host appears to be a Cisco router or switch with no password set. This can allow a remote attacker to login to the device and take control of it. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10754; scriptcveid"CVE-1999-0508"; scriptversion "1.23";...

Sambar Server 4.x/5.0 - Insecure Default Password Protection

source: https://www.securityfocus.com/bid/3095/info Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems. Sambar Server provides insecure default protection for user passwords. The default password decryption algorithm employs only a single key, built into the serv...

3Com SuperStack II PS Hub 40 - TelnetD Weak Password Protection

3Com SuperStack II PS Hub 40 - TelnetD Weak Password Protection source: https://www.securityfocus.com/bid/3034/info A vulnerability exists in certain models of 3Com hubs and potentially other 3Com network products. The affected devices fail to properly restrict the allowed number of login attempt...

Несанкционированный доступ в Active Web Classifieds (unauthorized access)

Ко многим конфигурационным функциям можно обратиться в обход защиты паролем...

Cisco Security Advisory: Cisco 6400 NRP2 Telnet Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Cisco Security Advisory: Cisco 6400 NRP2 Telnet Vulnerability ============================================================================== Revision 1.0 For Public Release 2001 June 14 at 1500 UTC...

CVE-2001-0152

The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders...

Alcatel ADSL modems contain a null default password

Overview The San Diego Supercomputer Center SDSC has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line ADSL modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of...

Дырка в Ultimate Bulletin Board

Можно посмотреть сообщения в закрытой паролем конференции используя функцию ответа с квотированием...

CGI - mailnews.cgi vulnerability...

Hello BuGReaders... Script: mailnews.cgi Introduction: cat from source CGI-Script MAILNEWS 1.3 This script helps you to maintain a mailinglist. /cat Tested Version: 1.1, 1.3 Author dont parse some characters and he use very stupid "password protection". We can add or delete users from maillist...

CVE-2000-1023

The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program...

PostACI Webmail Vulnerability

The PostACI webmail system contains a rather trival vulnerability. One can obtain the hostname, username and password variables for the MySQL server in addition to other setup information if PostACI is setup as described running out of the box by simplying going to the url:...

Дырка в 24Link Webserver (avoid password protection )

Добавление спец символов к имени файла позволяет обойти защиту файла паролем...

24Link Webserver

24Link 1.06 Web Server x PROBLEM: A vulnerability was found in 24Link 1.06 Web Server for Windows 95/98/2000/NT machines. The vulnerability allows you to view any password protected files on the Web Server, provided that the Authorization - Check User Name and Password- On all Requests option...

En: ubb hole

----- Original Message ----- From: tdf To: [email protected] Sent: Monday, November 20, 2000 2:46 PM Subject: ubb hole ----------------------------------------------------------------------------------- Ultimate Bulletin Board - Private forums security hole, by tdf [email protected]...

Decrypting passwords for BrowseGate

Product: BrowseGate by NetCPlus Version: 2.80.2 others? OS: Windows NT/2000/9x Description: BrowseGate is a proxy firewall from NetCPlus. BrowseGate is sometimes installed on servers along with other network applications including SmartServer3 with which it is made to integrate. BrowseGate instal...

Cisco IOS 12 - Software '?/' HTTP Request Denial of Service

source: https://www.securityfocus.com/bid/1838/info Cisco devices running IOS software may be prone to a denial of service attack if a URL containing a question mark followed by a slash ?/ is requested. The device will enter an infinite loop when supplied with a URL containing a "?/" and an enabl...

CVE-2000-0777

The password protection feature of Microsoft Money can store the password in plaintext, which allows attackers with physical access to the system to obtain the password, aka the "Money Password" vulnerability...

Nortel Networks Router Unpassworded Account (manager Level)

The remote Nortel Networks former Bay Networks router has no password for the manager account. An attacker could telnet to the router and reconfigure it to lock you out of it. This could prevent you from using your Internet connection. This script was written by Victor Kirhenshtein Based on...