688 matches found
CVE-2002-2036
Sun Ray Server Software (SRSS) 1.3 with Non-Smartcard Mobility (NSCM) enabled is affected. The issue allows remote attackers to log in as another user by running dtlogin on a system with XDMCP client support, indicating a network-exposed authentication bypass via XDMCP/X11 components. The core de...
CVE-2001-1507
Technical details are not publicly available in the provided documents. Monitor for updates.
DEBIAN-CVE-2005-0198
A logic error in the CRAM-MD5 code for the University of Washington IMAP UW-IMAP server, when Challenge-Response Authentication Mechanism with MD5 CRAM-MD5 is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticat...
mit-krb5: Multiple buffer overflows in telnet client
Background The MIT Kerberos 5 implementation provides a command line telnet client which is used for remote login via the telnet protocol. Description A buffer overflow has been identified in the envoptadd function, where a response requiring excessive escaping can cause a heap-based buffer...
telnet-bsd: Multiple buffer overflows
Background telnet-bsd provides a command line telnet client which is used for remote login using the telnet protocol. Description A buffer overflow has been identified in the envoptadd function of telnet-bsd, where a response requiring excessive escaping can cause a heap-based buffer overflow...
Important: Red Hat Security Advisory: telnet security update
Updated telnet packages that fix two buffer overflow vulnerabilities are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The telnet package provides a command line telnet client. The telnet-server package includes a telnet daemo...
CVE-2004-0243
AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods...
CVE-2002-1092
Cisco VPN 3000 Concentrator 3.6Rel and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication...
Mandrake Linux Security Advisory : webmin (MDKSA-2002:033)
A vulnerability exists in all versions of Webmin prior to 0.970 that allows a remote attacker to login to Webmin as any user. All users of Webmin are encouraged to upgrade immediately. Users of Mandrake Linux 8.0 and earlier will need to install some additional perl modules for this new version o...
SUSE-SA:2003:039: openssh (second release)
The remote host is missing the patch for the advisory SUSE-SA:2003:039 openssh second release. The openssh package is the most widely used implementation of the secure shell protocol family ssh. It provides a set of network connectivity tools for remote shell login, designed to substitute the...
CVE-2004-0243
AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods...
CVE-2004-0243
CVE-2004-0243 affects AIX 4.3.3 through 5.1. When direct remote login is disabled, the login message leaks enough to allow brute-forcing passwords by remote attackers who can distinguish correct versus failed attempts. The vulnerability is tied to the authentication messaging behavior in these AI...
PT-2004-1397 · Ibm · Aix
Name of the Vulnerable Software and Affected Versions: AIX versions 4.3.3 through 5.1 Description: The issue allows remote attackers to guess the password via brute force methods when direct remote login is disabled. This occurs because AIX displays a different message if the password is correct...
eMule 2.2 [0.29c] - Web Control Panel - DOS(Denial Of Service)
eMule 2.2 0.29c - Web Control Panel - DOSDenial Of Service Discovered by Rafel Ivgi ,The-Insider http://theinsider.deep-ice.com Emule opens a remote login at port 80. the http login has been carefully tested and was not found to be vulnerable to XSSCross Site Scripting. HowEver It has...
Linux pam_lib_smb 1.1.6 - binlogin Remote Overflow
Linux pamlibsmb 1.1.6 - binlogin Remote Overflow / Linux pamlibsmb include include include include include include include include include / first negotiate / / packet capture by ethereal / char packet1 = 0xff, 0xfd, 0x03, 0xff, 0xfb, 0x18, 0xff, 0xfb, 0x1f, 0xff, 0xfb, 0x20, 0xff, 0xfb, 0x21,...
CVE-2002-1884
index.php in Py-Membres 3.1 allows remote attackers to log in as an administrator by setting the pymembs parameter to "admin"...
Solaris TTYPROMPT Remote Login Bypass
Solaris TTYPROMPT Security Vulnerability Telnet This vulnerability is very simple to exploit, since it does not require any code to be compiled by an attacker. The vulnerability only requires the attacker to simply define the environment variable TTYPROMPT to a 6-character string, inside telnet...
CVE-2002-1092
Cisco VPN 3000 Concentrator 3.6Rel and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication...
Solaris 2.6, 7, 8
Hello, Solaris 2.6, 7, and 8 /bin/login has a vulnerability involving the environment variable TTYPROMPT. This vulnerability has already been reported to BugTraq and a patch has been released by Sun. However, a very simple exploit, which does not require any code to be compiled by an attacker,...
DEBIAN-CVE-2001-1507
OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged...