4421 matches found
CVE-2004-2553
The CVE-2004-2553 issue affects IgnitionServer ignitionServer 0.1.2 through 0.1.2-R2. A remote authenticated user with local IRC operator privileges can escalate to a global IRC operator by issuing the unofficial umode command with the +ORD argument. This privilege escalation is validated by mult...
CVE-2002-2163
CVE-2002-2163 affects KvPoll 1.1. The vulnerability allows remote authenticated users to vote multiple times by manipulating the already_voted cookie, including through a direct call to clear_cookies.php. The connected documents do not provide exploitation specifics beyond this cookie-based bypas...
CVE-2005-3642
IBM Informix Dynamic Database server running on Windows XP with Simple File Sharing enabled allows remote attackers to bypass authentication and log on to the guest account by supplying an invalid username...
CVE-2002-2163
KvPoll 1.1 allows remote authenticated users to vote more than once by setting the "already_voted" cookie by various methods, including a direct call to clear_cookies.php...
CVE-2005-2963
The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security...
CVE-2005-2770
The issue CVE-2005-2770 affects AttachmateWRQ Reflection for Secure IT Server before 6.0 Build 24. The vulnerability stems from a Renamed Account Remote Login flaw where valid public keys continue to allow Administrator or Guest logins after those accounts have been renamed or disabled post-authe...
CVE-2004-2481
CVE-2004-2481 affects MyProxy 6.58. The vulnerability allows remote authenticated users in the Users Tab to connect to arbitrary hosts from the MyProxy server by issuing a CONNECT command, bypassing access restrictions. No explicit exploit code or affected version range beyond 6.58 is provided in...
CVE-2005-1981
CVE-2005-1981 refers to a denial-of-service vulnerability in the Kerberos handling of Windows 2000 Server and Windows Server 2003 domain controllers (CAN-2005-1981). The issue allows a remote, authenticated attacker to send a crafted Kerberos message that can cause the domain controller’s authent...
CVE-2005-2219
CVE-2005-2219 affects Hosting Controller 6.1 Hotfix 2.1. Remote authenticated users can perform unauthorized actions by sending a direct request to AccountActions.asp and modifying the CreditLimit parameter in the UpdateCreditLimit action, enabling changes to user credit limits. The linked Red Ha...
CVE-2004-2169
CVE-2004-2169 affects Application Access Server (A-A-S) 1.0.37 and earlier. Remote authenticated users can trigger a denial of service (application crash) by issuing a long file request. No remediation or fixes are detailed in the provided documents.
CVE-2002-1830
Open Bulletin Board (OpenBB) 1.0.0 RC3 contains an authentication bypass vulnerability that lets remote attackers access modifier options by issuing a direct request to moderator.php with action and ismod parameters. The vulnerability path arises from insufficient access controls on moderator.php...
CVE-2002-1821
Affected software: Ultimate PHP Board (UPB) 1.0 and 1.0b. Vulnerability: Remote authenticated users can gain privileges and perform unauthorized actions by making direct requests to specific admin pages: admin_members.php, admin_config.php, admin_cat.php, and admin_forum.php. Root cause/impact: T...
CVE-2003-1207
CVE-2003-1207 affects Crob FTP Server 3.5.1. Remote authenticated users can cause a denial-of-service (crash) by issuing a dir command that contains a large sequence of "." characters followed by the string "/*". The available sources reiterate this vulnerability but do not provide additional exp...
CVE-2005-1670
The CVE-2005-1670 issue affects Extreme Networks switches running ExtremeWare XOS. Affected products include BlackDiamond/ExtremeWare XOS versions 11.1 (before 11.1.3.3), 11.0 (before 11.0.2.4), and 10.x. The underlying cause is a vulnerability in XOS that allows an authenticated user to execute ...
CVE-2005-1454
SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries...
D-Link DSL Router - Remote Authentication Bypass
source: https://www.securityfocus.com/bid/13679/info Various D-Link DSL routers are susceptible to a remote authentication bypass vulnerability. This issue is due to a failure of the devices to require authentication in certain circumstances. This vulnerability allows remote attackers to gain...
CVE-2005-1564
post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product...
CVE-2005-1491
CVE-2005-1491 affects Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2. The issue allows remote authenticated users to perform file operations: (1) move their home directory via viewaction.html and (2) move arbitrary files via the importaction.html importfile parameter. The root cause is a vul...