3144 matches found
FreeBSD : moodle -- multiple vulnerabilities (f6429c24-4fc9-11df-83fb-0015587e2cc1)
The Moodle release notes report multiple vulnerabilities which could allow remote attackers to perform, amongst others, cross site scripting, user enumeration and SQL injection attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin wer...
LDAP User Enumeration
By using the search base gathered by plugin ID 25701, Nessus was able to enumerate the list of users in the remote LDAP directory. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid45478; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate",...
moodle -- multiple vulnerabilities
The Moodle release notes report multiple vulnerabilities which could allow remote attackers to perform, amongst others, cross site scripting, user enumeration and SQL injection attacks...
SMB User Enumeration (SAM EnumUsers)
Determine what users exist via the SAM RPC service This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMB User Enumeration SAM EnumUsers', 'Description' = 'Determine what users exist via the SAM R...
LDAP - Injection
Vurnerebility: LDAP Injection + Category : Implemented Web exploit + Category : Attack Technique + Author : mc2s3lector + dork : X/o" + Contact : www.yogyacarderlink.web.id + date : 4-2-10 + biGthank to : Allah SWT,jasakom,KeDai Computerworks,0n3-d4y n3ro,eplaciano, all.indonesian like a coding,...
Multiple Vulnerabilities in Cisco Unified MeetingPlace
No description provided by source. Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace Advisory ID: cisco-sa-20100127-mp Revision 1.0 For Public Release 2010 Jan 27 1600 UTC GMT +--------------------------------------------------------------------- Summary =======...
mysql-users NSE Script
Attempts to list all users on a MySQL server. Script Arguments mysqluser The username to use for authentication. If unset it attempts to use credentials found by mysql-brute or mysql-empty-password. mysqlpass The password to use for authentication. If unset it attempts to use credentials found by...
Security fix for the ALT Linux 5 package tomcat6 version 0:6.0.18-alt6_8jpp5
Jan. 14, 2010 Slava Semushin 0:6.0.18-alt68jpp5 - NMU - Applied upstream patches to fix following vulnerabilities: + CVE-2009-0033: DoS when using Java AJP connector Closes: 20313 + CVE-2009-0580: User enumeration vulnerability with FORM authentication Closes: 20315 + CVE-2009-0781: XSS in calend...
SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 6352)
This update of tomcat fixes several vulnerabilities : - RequestDispatcher usage can lead to information leakage. CVE-2008-5515 - denial of service via AJP connection. CVE-2009-0033 - some authentication classes allow user enumeration. CVE-2009-0580 - XSS bug in example application cal2.jsp...
openSUSE Security Update : tomcat6 (tomcat6-999)
This update of tomcat fixes several vulnerabilities : - CVE-2008-5515: RequestDispatcher usage can lead to information leakage - CVE-2009-0033: denial of service via AJP connection - CVE-2009-0580: some authentication classes allow user enumeration - CVE-2009-0781: XSS bug in example application...
Code injection
The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...
Design/Logic Flaw
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior...
CVE-2009-2335
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior...
CVE-2009-2335
CVE-2009-2335 affects WordPress and WordPress MU prior to 2.8.1, where a failed login behaves differently depending on whether the user account exists, enabling remote enumeration of valid usernames. The vendor reportedly disputes the significance of the issue, calling the behavior for user conve...
[Full-disclosure] Lotus Sametime User Enumeration Vulnerability - Security Advisory - SOS-09-004
Lotus Sametime User Enumeration Vulnerability - Security Advisory - SOS-09-004 Release Date. 9-Jul-2009 Vendor Notification Date. 2-Jun-2009 Product. IBM Lotus Instant Messaging and Web Conferencing Sametime Platform. Windows verified, possibly others Affected versions. IBM Lotus Instant Messagin...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP07 update
Updated JBoss Enterprise Application Platform JBEAP 4.2 packages that fix various issues are now available for Red Hat Enterprise Linux 5 as JBEAP 4.2.0.CP07. This update has been rated as having important security impact by the Red Hat Security Response Team. JBoss Enterprise Application Platfor...
Apache Tomcat multiple security vulnerabilities
Information leak, user enumeration, DoS, directory traversal...
DSquare Exploit Pack: D2SEC_TOMCAT_ENUMUSER
Name| d2sectomcatenumuser ---|--- CVE| CVE-2009-0580 Exploit Pack| D2ExploitPack Description| Apache Tomcat User Enumeration Notes|...
[SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-0580: Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.39 Tomcat 5.5.0 to 5.5.27 Tomcat 6.0.0 to 6.0.18 The unsupported Tomcat 3.x, 4.0.x and 5.0.x version...
[SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability with FORM authentication
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Updated to clarify affected versions as they vary for each affected Realm. CVE-2009-0580: Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: MemoryRealm: Tomcat 4.1.0 to 4.1.39 Tomcat...