3143 matches found
CVE-2009-1384
pamkrb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux RHEL 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...
CVE-2009-1803
FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...
CVE-2009-1803
CVE-2009-1803 affects FreePBX 2.5.1 and other 2.4.x, 2.5.x, and pre-release 2.6.x; the vulnerability stems from different error messages shown on failed login attempts, which reveals whether a user account exists. This behavioral difference enables remote attackers to enumerate valid usernames. T...
Open redirect
The web interface in Open Computer and Software Inventory Next Generation OCS Inventory NG 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames...
pam_ssh Login Prompt Remote Username Enumeration
The remote host is running a SSH server that responds differently to login attempts depending on whether or not a valid username is given. This is likely due to a vulnerable version of pamssh. Other products may be affected as well. A remote attacker could use this to enumerate valid usernames,...
Novell Teaming Login User Account Enumeration Weakness
The remote host is running Novell Teaming, a collaboration and conferencing application. The version of Novell Teaming installed on the remote host allows an unauthenticated remote attacker to enumerate users during the login phase because the web application responds with different messages when...
Novell Teaming 1.0 - User Enumeration Multiple Cross-Site Scripting Vulnerabilities
Novell Teaming 1.0 - User Enumeration Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/34531/info Novell Teaming is prone to a user-enumeration weakness and multiple cross-site scripting vulnerabilities. A remote attacker can exploit the user-enumeration...
Novell Teaming 1.0 - User Enumeration / Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/34531/info Novell Teaming is prone to a user-enumeration weakness and multiple cross-site scripting vulnerabilities. A remote attacker can exploit the user-enumeration weakness to enumerate valid usernames and then perform brute-force attacks; other attac...
CVE-2009-1075
CVE-2009-1075 affects Sun Java System Identity Manager (IdM) 7.0–8.0. The issue arises from how the system handles failed Forgot Password requests, returning different responses when an account exists versus when it does not. This behavior enables remote attackers to enumerate valid usernames, ex...
CVE-2009-1076
CVE-2009-1076 affects Sun Java System Identity Manager (IdM) 7.0 through 8.0. The end-user login flow based on a question, when used with IDMROOT/questionLogin.jsp?accountId=USER, reveals different responses depending on whether USER exists. This behavior enables remote attackers to enumerate val...
CVE-2009-0348
The login module in Sun Java System Access Manager 6 2005Q1 aka 6.3, 7 2005Q4 aka 7.0, and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...
Lore 1.5.6 SQL Injection
Lore 1.5.6 Bug : article.php?id=Blind ,Comentarios Habilitados "Add Comment" Dork : intext:"Powered by Lore 1.5.6" Coded By OzXNuKE/US HTTP://FORO.UNDERSECURITY.NET HTTP://FORO.EL-HACKER.COM Gracias C1c4tr1z,Tecn0x,Lix,1995,N0b0dy,NanonRoses,Codebreak?,Nork,AzraelNuKE && Todos los Miembros de...
Sun Java System Access Manager 7.1 - 'Username' Enumeration
source: https://www.securityfocus.com/bid/33489/info Sun Java System Access Manager is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input. Attackers may exploit this weakness to discern valid usernames. This may aid them in...
LemonLDAP:NG 0.9.3.1 - User Enumeration Cross-Site Scripting
LemonLDAP:NG 0.9.3.1 - User Enumeration Cross-Site Scripting source: https://www.securityfocus.com/bid/33312/info LemonLDAP:NG is prone to a user-enumeration weakness and a cross-site scripting vulnerability. A remote attacker can exploit the user-enumeration weakness to enumerate valid usernames...
LemonLDAP:NG 0.9.3.1 - User Enumeration / Cross-Site Scripting
source: https://www.securityfocus.com/bid/33312/info LemonLDAP:NG is prone to a user-enumeration weakness and a cross-site scripting vulnerability. A remote attacker can exploit the user-enumeration weakness to enumerate valid usernames and then perform brute-force attacks; other attacks are also...
CVE-2009-0041
IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on...
Constructr CMS 3.02.5 SQL Injection / Traversal
Constructr CMS http://constructr-cms.org/ - = 3.02.5 "Stable" - magicquotesgpc = Off registerglobals = On - Directory Traversal - Source Disclosure - Arbitrary File Creation - Etc Etc Etc - http://site/constructr/backend/template.php?editfile= Db info: ../config/config.inc.php - SQL -...
Immunity Canvas: SAFARI_FILE_STEALING
Name| safarifilestealing ---|--- CVE| CVE-2008-4216 Exploit Pack| CANVAS Description| Safari 3.2 File Stealing Notes| A Warning: Due to the nature of this exploit, a file error.html will be left behind on the target system CVE Name: CVE-2008-4216 VENDOR: Apple NOTES: There are a lot of things...
Microsoft Active Directory LDAP Server - Username Enumeration
Microsoft Active Directory LDAP Server - Username Enumeration source: https://www.securityfocus.com/bid/32305/info Microsoft Active Directory is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input. Attackers may exploit this...
Microsoft Active Directory LDAP Server - 'Username' Enumeration
source: https://www.securityfocus.com/bid/32305/info Microsoft Active Directory is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input. Attackers may exploit this weakness to discern valid usernames. This may aid them in...