Authentication flaw
webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a wsauth cookie, a different vulnerability than CVE-2006-4782...
DEBIAN-CVE-2006-7094
ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors...
CVE-2006-7094
ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors...
CVE-2007-0968
CVE-2007-0968 affects Cisco Firewall Services Module (FWSM) prior to 2.3(4.7) and 3.x prior to 3.1(3.1). The issue is an improper evaluation of access control entries (ACE) in an ACL, allowing remote authenticated users to bypass intended protections. Connected sources confirm this is a vulnerabi...
security flaw
smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop...
Sun Solaris Telnet Remote Authentication Bypass Vulnerability
Description: Sun Solaris 10 is prone to a vulnerability that allows remote attackers to bypass authentication. Successfully exploiting this issue allows remote attackers to gain remote access to vulnerable computers. If the targeted computer is configured to allow non-console logins for superusers...
Solaris 10/11 Telnet - Remote Authentication Bypass (Metasploit)
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Sun Solaris...
SunOS 5.10/5.11 in.telnetd Remote Authentication Bypass Exploit
Exploit for solaris platform in category remote exploits =============================================================== SunOS 5.10/5.11 in.telnetd Remote Authentication Bypass Exploit =============================================================== !/bin/sh CLASSIFIED CONFIDENTIAL SOURCE MATERIAL...
SunOS 5.10/5.11 in.TelnetD - Remote Authentication Bypass
SunOS 5.10/5.11 in.TelnetD - Remote Authentication Bypass !/bin/sh CLASSIFIED CONFIDENTIAL SOURCE MATERIAL ATTENTION THIS CODE MUST NOT BE DISCLOSED TO ANY THIRD PARTIES C COPYRIGHT Kingcope, 2007 echo "" echo "SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope [email protected]" if $ -ne 2 ; th...
SunOS 5.10/5.11 in.TelnetD - Remote Authentication Bypass
!/bin/sh CLASSIFIED CONFIDENTIAL SOURCE MATERIAL ATTENTION THIS CODE MUST NOT BE DISCLOSED TO ANY THIRD PARTIES C COPYRIGHT Kingcope, 2007 echo "" echo "SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope [email protected]" if $ -ne 2 ; then echo "./sunos " echo "./sunos localhost bin" exit fi...
CVE-2007-0812
SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid0 parameter...
CVE-2007-0452
smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop...
CVE-2007-0452
CVE-2007-0452 affects Samba’s smbd in versions 3.0.6–3.0.23d. A logic error in the deferred open handling can be triggered by renaming a file, causing an authenticated user to trigger an infinite loop that exhausts memory and CPU (denial of service). Connected sources corroborate the issue across...
Memory corruption
The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTE...
CVE-2006-6964
MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source...
CVE-2006-6964
MailEnable Professional prior to v1.78 contains an information disclosure vulnerability: when an administrator edits a user’s settings, a cleartext user password is exposed in the HTML source. This allows remote authenticated administrators to obtain sensitive information. The affected product/co...
CVE-2007-0516
CVE-2007-0516 affects the Yana Framework prior to 2.8.5a. Remote authenticated users with permissions to modify a guestbook profile can modify or delete arbitrary guestbook profiles via unspecified vectors. The vulnerability implies integrity impact (partial) and potential system exposure at the ...
Authentication flaw
The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user...
CVE-2007-0188
CVE-2007-0188 affects F5 FirePass 5.4 through 5.5.1. Affected component is the host access restriction mechanism when a client uses a single integer (dotless) IP address; this allows remote authenticated users to connect to the FirePass administrator console and certain other network resources. T...