Kerio Personal Firewall 2.1.x - Remote Authentication Packet Buffer Overflow (1)
source: https://www.securityfocus.com/bid/7180/info A buffer-overflow vulnerability has been discovered in Kerio Personal Firewall. The problem occurs during the administration authentication process. An attacker could exploit this vulnerability by forging a malicious packet containing an excessi...
DEBIAN-CVE-2002-1477
graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode...
DEBIAN-CVE-2003-0072
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun")...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that...
DEBIAN-CVE-2003-0058
MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference...
CVE-2002-2279
Unspecified vulnerability in the bind function in config.inc of aldap 0.09 allows remote attackers to authenticate with Manager permissions...
CVE-2002-2082
FTGate and FTGate Pro 1.05 lock user mailboxes before authentication succeeds, which allows remote attackers to lock the mailboxes of other users...
CVE-2002-1882
Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors...
Solaris 2.6/7/8 (TTYPROMPT in.telnet) Remote Authentication Bypass
Exploit for solaris platform in category remote exploits. Solaris 2.6/7/8 TTYPROMPT in.telnet Remote Authentication Bypass. Solaris TTYPROMPT Security Vulnerability...
CVE-2002-0924
CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the "Advanced Settings" capability...
CVE-2002-0919
CGIScript.net csPassword.cgi is vulnerable: remote authenticated users can modify the .htaccess file and gain privileges by injecting newlines in the title field of the edit page. The impact is privilege escalation through file modification. No remediation or fix details are provided in the suppl...
CVE-2002-0522
ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the "pseudo" cookie...
CVE-2002-0588
PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php...
CVE-2002-0613
dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the userloggedin or userdnstoolsadministrator parameters...
CVE-2002-0275
Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL...
CVE-2001-0269
pamldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password...
FreeBSD-SA-01:25.kerberosIV
FreeBSD-SA-01:25 Security Advisory. FreeBSD, Inc. Topic: Local and remote vulnerabilities in Kerberos IV. Category: core. Module: libkrb, telnetd. Announced: 2001-02-14. Credits: Jouko...
CVE-2000-1133
Authentix Authentix100 allows remote attackers to bypass authentication by inserting a . (dot) into the URL for a protected directory...
id Software Solaris Quake II 3.13/3.14 / QuakeWorld 2.0/2.1 / Quake 1.9/3.13/3.14 - Command Execution
// source: https://www.securityfocus.com/bid/90/info The Quake server has a feature where it allows administrators to remotely send commands to the Quake console with a password. However, it is possible to remotely bypass authentication. In order for this to be exploited, the attacker would have ...
PT-2013-6355 · Openssh +4
Name of the Vulnerable Software and Affected Versions: OpenSSH versions 6.2 through 6.3 Description: The issue allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address. This is due to the mm newkeys fro...