Lucene search
+L

3143 matches found

Cvelist
Cvelist
added 2009/05/28 8:14 p.m.44 views

CVE-2009-1384

pamkrb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux RHEL 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...

7.5AI score0.03326EPSS
Exploits0References12
NVD
NVD
added 2009/05/28 2:30 p.m.20 views

CVE-2009-1803

FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...

5CVSS6.7AI score0.01218EPSS
Exploits0References4
CVE
CVE
added 2009/05/28 2:0 p.m.61 views

CVE-2009-1803

CVE-2009-1803 affects FreePBX 2.5.1 and other 2.4.x, 2.5.x, and pre-release 2.6.x; the vulnerability stems from different error messages shown on failed login attempts, which reveals whether a user account exists. This behavioral difference enables remote attackers to enumerate valid usernames. T...

5CVSS6.9AI score0.01218EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2009/05/22 6:30 p.m.9 views

Open redirect

The web interface in Open Computer and Software Inventory Next Generation OCS Inventory NG 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames...

5CVSS7AI score0.01558EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2009/04/28 12:0 a.m.31 views

pam_ssh Login Prompt Remote Username Enumeration

The remote host is running a SSH server that responds differently to login attempts depending on whether or not a valid username is given. This is likely due to a vulnerable version of pamssh. Other products may be affected as well. A remote attacker could use this to enumerate valid usernames,...

5CVSS5.5AI score0.01305EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2009/04/21 12:0 a.m.29 views

Novell Teaming Login User Account Enumeration Weakness

The remote host is running Novell Teaming, a collaboration and conferencing application. The version of Novell Teaming installed on the remote host allows an unauthenticated remote attacker to enumerate users during the login phase because the web application responds with different messages when...

5CVSS5.5AI score0.01818EPSS
Exploits2References4
exploitpack
exploitpack
added 2009/04/15 12:0 a.m.16 views

Novell Teaming 1.0 - User Enumeration Multiple Cross-Site Scripting Vulnerabilities

Novell Teaming 1.0 - User Enumeration Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/34531/info Novell Teaming is prone to a user-enumeration weakness and multiple cross-site scripting vulnerabilities. A remote attacker can exploit the user-enumeration...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2009/04/15 12:0 a.m.28 views

Novell Teaming 1.0 - User Enumeration / Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/34531/info Novell Teaming is prone to a user-enumeration weakness and multiple cross-site scripting vulnerabilities. A remote attacker can exploit the user-enumeration weakness to enumerate valid usernames and then perform brute-force attacks; other attac...

7AI score
Exploits0
CVE
CVE
added 2009/03/25 3:0 p.m.60 views

CVE-2009-1075

CVE-2009-1075 affects Sun Java System Identity Manager (IdM) 7.0–8.0. The issue arises from how the system handles failed Forgot Password requests, returning different responses when an account exists versus when it does not. This behavior enables remote attackers to enumerate valid usernames, ex...

5CVSS6.9AI score0.02458EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2009/03/25 3:0 p.m.59 views

CVE-2009-1076

CVE-2009-1076 affects Sun Java System Identity Manager (IdM) 7.0 through 8.0. The end-user login flow based on a question, when used with IDMROOT/questionLogin.jsp?accountId=USER, reveals different responses depending on whether USER exists. This behavior enables remote attackers to enumerate val...

5CVSS6.9AI score0.0229EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2009/01/29 7:0 p.m.25 views

CVE-2009-0348

The login module in Sun Java System Access Manager 6 2005Q1 aka 6.3, 7 2005Q4 aka 7.0, and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...

6.2AI score0.08162EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2009/01/28 12:0 a.m.35 views

Lore 1.5.6 SQL Injection

Lore 1.5.6 Bug : article.php?id=Blind ,Comentarios Habilitados "Add Comment" Dork : intext:"Powered by Lore 1.5.6" Coded By OzXNuKE/US HTTP://FORO.UNDERSECURITY.NET HTTP://FORO.EL-HACKER.COM Gracias C1c4tr1z,Tecn0x,Lix,1995,N0b0dy,NanonRoses,Codebreak?,Nork,AzraelNuKE && Todos los Miembros de...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2009/01/27 12:0 a.m.34 views

Sun Java System Access Manager 7.1 - 'Username' Enumeration

source: https://www.securityfocus.com/bid/33489/info Sun Java System Access Manager is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input. Attackers may exploit this weakness to discern valid usernames. This may aid them in...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2009/01/16 12:0 a.m.19 views

LemonLDAP:NG 0.9.3.1 - User Enumeration Cross-Site Scripting

LemonLDAP:NG 0.9.3.1 - User Enumeration Cross-Site Scripting source: https://www.securityfocus.com/bid/33312/info LemonLDAP:NG is prone to a user-enumeration weakness and a cross-site scripting vulnerability. A remote attacker can exploit the user-enumeration weakness to enumerate valid usernames...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2009/01/16 12:0 a.m.22 views

LemonLDAP:NG 0.9.3.1 - User Enumeration / Cross-Site Scripting

source: https://www.securityfocus.com/bid/33312/info LemonLDAP:NG is prone to a user-enumeration weakness and a cross-site scripting vulnerability. A remote attacker can exploit the user-enumeration weakness to enumerate valid usernames and then perform brute-force attacks; other attacks are also...

7.4AI score
Exploits0
UbuntuCve
UbuntuCve
added 2009/01/14 11:30 p.m.25 views

CVE-2009-0041

IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on...

5CVSS5.9AI score0.02715EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2008/12/30 12:0 a.m.16 views

Constructr CMS 3.02.5 SQL Injection / Traversal

Constructr CMS http://constructr-cms.org/ - = 3.02.5 "Stable" - magicquotesgpc = Off registerglobals = On - Directory Traversal - Source Disclosure - Arbitrary File Creation - Etc Etc Etc - http://site/constructr/backend/template.php?editfile= Db info: ../config/config.inc.php - SQL -...

0.5AI score
Exploits0
canvas
canvas
added 2008/11/17 6:18 p.m.59 views

Immunity Canvas: SAFARI_FILE_STEALING

Name| safarifilestealing ---|--- CVE| CVE-2008-4216 Exploit Pack| CANVAS Description| Safari 3.2 File Stealing Notes| A Warning: Due to the nature of this exploit, a file error.html will be left behind on the target system CVE Name: CVE-2008-4216 VENDOR: Apple NOTES: There are a lot of things...

4.3CVSS6AI score0.08634EPSS
Exploits2
exploitpack
exploitpack
added 2008/11/14 12:0 a.m.19 views

Microsoft Active Directory LDAP Server - Username Enumeration

Microsoft Active Directory LDAP Server - Username Enumeration source: https://www.securityfocus.com/bid/32305/info Microsoft Active Directory is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input. Attackers may exploit this...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/11/14 12:0 a.m.35 views

Microsoft Active Directory LDAP Server - 'Username' Enumeration

source: https://www.securityfocus.com/bid/32305/info Microsoft Active Directory is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input. Attackers may exploit this weakness to discern valid usernames. This may aid them in...

7.4AI score
Exploits0
Rows per page
Query Builder