4421 matches found
CVE-2004-1605
SalesLogix 6.1 allows remote attackers to bypass authentication by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator...
CVE-2002-1469
Affected software: scponly. Vulnerability: incorrect PATH handling when locating the scp or sftp-server programs could allow remote authenticated users to bypass access controls by uploading malicious programs and altering the PATH in $HOME/.ssh/environment. Impact: partial confidentiality, integ...
CVE-2002-1242
CVE-2002-1242 describes an SQL injection vulnerability in PHP-Nuke prior to 6.0 that allows remote authenticated users to modify the database and gain privileges via the bio parameter in modules.php. Root cause: unvalidated input in the bio field enables injection into SQL statements. Affected so...
CVE-2002-1413
RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" SSL option during a connection...
PT-2004-2559 · Openssh +1 · Openssh +1
Name of the Vulnerable Software and Affected Versions: OpenSSH (affected versions not specified). Description: The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program suc...
PT-2004-2549 · Ipswitch · Ws Ftp
Name of the Vulnerable Software and Affected Versions: WS FTP version 5.0.2. Description: The issue allows remote authenticated users to cause a denial of service, specifically CPU consumption, by sending a CD command with an invalid path containing a "../" sequence. Recommendations: For WS FTP...
security flaw
The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication...
Serena TeamTrack 6.1.1 - Remote Authentication Bypass
source: https://www.securityfocus.com/bid/10770/info It has been reported that Serena TeamTrack is affected by a remote authentication bypass vulnerability. This issue is due to a design error that allows unauthenticated users to access sensitive scripts. Successful exploitation of this issue will...
CVE-2004-0590
The CVE-2004-0590 entry affects FreeS/WAN and related IPsec implementations (OpenS/WAN, FreeS/WAN derivatives, Super-FreeS/WAN, and strongSwan). The root cause described across connected docs is bugs in the verify_x509cert() certificate validation, allowing remote attackers to authenticate using ...
LinBit Technologies LINBOX Officeserver - Remote Authentication Bypass
source: https://www.securityfocus.com/bid/10010/info It has been reported that LINBOX is prone to a remote authentication bypass vulnerability. This issue is due to a design error that would allow access to web-based administration scripts without proper authorization. This issue may allow...
VocalTec VGW4/8 Telephony Gateway - Remote Authentication Bypass
source: https://www.securityfocus.com/bid/9876/info It has been reported that the VGW4/8 Telephony Gateway is prone to a remote authentication bypass vulnerability via its web configuration tool. The problem is due to a design error in the application that allows a user to access configuration...
CVE-2003-1207
Crob FTP Server 3.5.1 allows remote authenticated users to cause a denial of service crash via a dir command with a large number of "." characters followed by a "/" string...
CVE-2003-0332
The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension...
CVE-2003-0215
SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allows remote attackers to bypass authentication via the (1) username and (2) password fields, and possibly other fields...
Kerio Personal Firewall 2.1.x - Remote Authentication Packet Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/7180/info A buffer-overflow vulnerability has been discovered in Kerio Personal Firewall. The problem occurs during the administration authentication process. An attacker could exploit this vulnerability by forging a malicious packet containing an...
Kerio Personal Firewall 2.1.x - Remote Authentication Packet Buffer Overflow (1)
source: https://www.securityfocus.com/bid/7180/info A buffer-overflow vulnerability has been discovered in Kerio Personal Firewall. The problem occurs during the administration authentication process. An attacker could...