284 matches found
Stack overflow
Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors...
CVE-2010-1840
Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors...
Confluence features that require password confirmation (websudo, captcha) do not work with custom authentication
When a user is required to confirm the password, Confluence always checks the entered password against the internally stored user/password. If an instance is configured to use custom authentication that differs from atlassian-user, the password validation will fail. Resolution: This is fix...
Apple Releases Security Update 2010-006
Apple has released security update 2010-006 for Mac OS X and Mac OS X Server to address a vulnerability in the AFP package. This vulnerability may allow an attacker to bypass password validation and obtain sensitive information. The article indicates that this vulnerability does not affect system...
Nokia E72 smartphone protection bypass
Keyboard is not locked during password validation...
Apache CouchDB timing attack
Password validation algorithm allows guessing the matching part...
Design/Logic Flaw
Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program...
Design/Logic Flaw
Kingston DataTraveler BlackBox DTBB, DataTraveler Secure Privacy Edition DTSP, and DataTraveler Elite Privacy Edition DTEP USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the...
Design/Logic Flaw
SanDisk Cruzer Enterprise USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program...
CVE-2010-0221
Kingston DataTraveler BlackBox DTBB, DataTraveler Secure Privacy Edition DTSP, and DataTraveler Elite Privacy Edition DTEP USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the...
CVE-2010-0224
The CVE-2010-0224 entry concerns SanDisk Cruzer Enterprise USB flash drives. Affected component: the authentication/password validation conducted by a program running on the host computer instead of the drive’s hardware. Root cause: password verification occurs outside the device hardware, enabli...
CVE-2010-0227
Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program...
ZeeCareers 2.0 - 'addAdminmembercode.php' Arbitrary Add Admin
ZeeCareers v2.0 addadminmembercode.php Add Admin function validateform ifform.name.value == "" || !isNaNform.username.value alert"Please enter your name correctly."; form.username.focus; return false; ifform.name.value == "" || !isNaNform.fname.value alert"Please enter your name correctly.";...
Multiple IP Phones unauthorized access
After an administrative login, it is possible to access the administration interface from any IP without password validation...
CVE-2005-0494
The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request...
Thomson TCW690 POST Password Validation Vulnerability
I found a vulnerability in this cablemodem by which a malicious user inside the LAN can get control of the cablemodem easily. This cablemodem model is given by the Spanish ISP "AUNA". Details ======= Product: Thomson TCW690 cablemodem Affected Version: ST42.03.0a not tested in minor versions Immune...
Thomson TCW690 - POST Password Validation
Thomson TCW690 - POST Password Validation / Thomson TCW690 POST Password Validation exploit Tested with hardware version 2.1 and software version ST42.03.0a Bug found by: MurDoK Date: 02.19.2005 sh-3.00$ gcc mdktcw690.c -o tcw690 sh-3.00$ ./tcw690 192.168.0.1 123 Thomson TCW690 POST Password...
Thomson TCW690 - POST Password Validation
/ Thomson TCW690 POST Password Validation exploit Tested with hardware version 2.1 and software version ST42.03.0a Bug found by: MurDoK Date: 02.19.2005 sh-3.00$ gcc mdktcw690.c -o tcw690 sh-3.00$ ./tcw690 192.168.0.1 123 Thomson TCW690 POST Password Validation Change password exploit coded by...
Thomson TCW690 POST Password Validation Exploit
Exploit for hardware platform in category remote exploits =============================================== Thomson TCW690 POST Password Validation Exploit =============================================== / Thomson TCW690 POST Password Validation exploit Tested with hardware version 2.1 and software...