Lucene search
+L

3133 matches found

securityvulns
securityvulns
added 2007/12/03 12:0 a.m.48 views

PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users

PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users Description: BEA Plumtree portal 6.0 is vulnerable to username leakage through the search facility. By performing an advanced search, unauthenticated users can enumerate valid usernames with a single HTTP reques...

7.4AI score
Exploits0
cve
cve
added 2007/12/01 1:0 a.m.50 views

CVE-2007-6198

The CVE-2007-6198 issue affects the Plumtree Portal component (portal/server.pt) in BEA AquaLogic Interaction versions 5.0.2–5.0.4 and 6.0.1.218452. The vulnerability allows wildcards in advanced searches for usernames via the in_tx_fulltext parameter, enabling remote attackers to enumerate valid...

5CVSS6.7AI score0.07037EPSS
Exploits1References6Affected Software1
nessus
nessus
added 2007/06/11 12:0 a.m.14 views

AOL Instant Messenger User Enumeration (deprecated)

Binary data 4082.prm...

7.3AI score
Exploits0References1
seebug
seebug
added 2007/06/05 12:0 a.m.40 views

HP Tru64 Remote Secure Shell User Enumeration Exploit (CVE-2007-2791)

No description provided by source. !/usr/bin/perl use warnings; use strict; Remember: you need to accept ssh key first! use Tie::File; use Fcntl 'ORDONLY'; use Expect; use Time::HiRes qwgettimeofday; tru64-sshenum.pl HP Tru64 Remote Secure Shell user enumeration exploit CVE-2007-2791. Author:...

10CVSS6.5AI score0.06464EPSS
Exploits6
exploitpack
exploitpack
added 2007/06/04 12:0 a.m.45 views

HP Tru64 - Remote Secure Shell User Enumeration

HP Tru64 - Remote Secure Shell User Enumeration !/usr/bin/perl use warnings; use strict; Remember: you need to accept ssh key first! use Tie::File; use Fcntl 'ORDONLY'; use Expect; use Time::HiRes qwgettimeofday; tru64-sshenum.pl HP Tru64 Remote Secure Shell user enumeration exploit CVE-2007-2791...

10CVSS6.7AI score0.06464EPSS
Exploits6
exploitdb
exploitdb
added 2007/06/04 12:0 a.m.41 views

HP Tru64 - Remote Secure Shell User Enumeration

!/usr/bin/perl use warnings; use strict; Remember: you need to accept ssh key first! use Tie::File; use Fcntl 'ORDONLY'; use Expect; use Time::HiRes qwgettimeofday; tru64-sshenum.pl HP Tru64 Remote Secure Shell user enumeration exploit CVE-2007-2791. Author: Andrea "bunker" Purificato...

10CVSS6.6AI score0.06464EPSS
Exploits6
zdt
zdt
added 2007/06/04 12:0 a.m.38 views

HP Tru64 Remote Secure Shell User Enumeration Exploit (CVE-2007-2791)

Exploit for tru64 platform in category remote exploits ===================================================================== HP Tru64 Remote Secure Shell User Enumeration Exploit CVE-2007-2791 ===================================================================== !/usr/bin/perl use warnings; use...

6.7AI score0.06464EPSS
Exploits6
securityvulns
securityvulns
added 2007/06/01 12:0 a.m.39 views

[Full-disclosure] Microsoft Windows Active Directory Logon Hours User Enumeration Weakness

Windows Server 2003 can be configured http://support.microsoft.com/kb/816666 to restrict the hours and days that a user may log on to a Windows Server 2003 domain. This could lead to username enumeration. Issue:- Microsoft Windows Active Directory Username Enumeration Criticality:- Less Critical...

6.9AI score
Exploits0
nessus
nessus
added 2007/01/17 12:0 a.m.43 views

GLSA-200701-10 : WordPress: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200701-10 WordPress: Multiple vulnerabilities When decoding trackbacks with alternate character sets, WordPress does not correctly sanitize the entries before further modifying a SQL query. WordPress also displays different error...

6.8CVSS6AI score0.07357EPSS
Exploits2References4
securityvulns
securityvulns
added 2007/01/15 12:0 a.m.72 views

BMC Remedy Action Request System user enumeration vulnerability

Messages for invalid password and invalid user name are different...

5CVSS2.8AI score0.01816EPSS
Exploits0References1Affected Software1
gentoo
gentoo
added 2007/01/15 12:0 a.m.39 views

WordPress: Multiple vulnerabilities

Background WordPress is a popular personal publishing platform with a web interface. Description When decoding trackbacks with alternate character sets, WordPress does not correctly sanitize the entries before further modifying a SQL query. WordPress also displays different error messages in...

6.8CVSS6.5AI score0.07357EPSS
Exploits2
securityvulns
securityvulns
added 2007/01/15 12:0 a.m.51 views

Remedy Action Request System 5.01.02 - User Enumeration

======================================================= Remedy Action Request System User Enumeration ======================================================= Davide Del Vecchio Adv11 Discovered in: 08/01/2007 Version affected: Remedy Action Request System 5.01.02 Patch 1267. The same vulnerable...

7.2AI score
Exploits0
nvd
nvd
added 2006/05/31 10:6 a.m.14 views

CVE-2006-2676

Dispatch.cgi/user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames...

5CVSS6.7AI score0.01377EPSS
Exploits0References3
cvelist
cvelist
added 2006/05/31 10:0 a.m.19 views

CVE-2006-2676

Dispatch.cgi/user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames...

6.7AI score0.01377EPSS
Exploits0References3
cve
cve
added 2006/05/31 10:0 a.m.34 views

CVE-2006-2676

CVE-2006-2676 affects SiteScape Forum 7.2 and possibly earlier. The vulnerability involves Dispatch.cgi/_user/uservCard/ returning responses that differ in a way that allows remote attackers to enumerate valid usernames. The NVD entry lists a CVSS v2 base score of 5.0 (MEDIUM), with network attac...

5CVSS6.7AI score0.01377EPSS
Exploits0References3Affected Software1
seebug
seebug
added 2006/03/01 12:0 a.m.19 views

vuBB <= 0.2 (Cookie) Final Remote SQL Injection Exploit (mq=off)

No description provided by source. !/usr/bin/perl print q ---------------------------------------------------------------------- vuBB =0.2 Final Remote SQL Injection cookies Exploit exploit discovered and coded by KingOfSKa https://contropotere.netsons.org...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2006/02/24 12:0 a.m.11 views

phpWebSite 0.10.0-full - topics.php SQL Injection

phpWebSite 0.10.0-full - topics.php SQL Injection !/usr/bin/perl advisory sent in by SnIpErSA selfar2002athotmail.com http://www.target.com/topics.php?op=viewtopic&topic=-1%20Union%20select%20name,name,pass,name%20From%20users%20where%20uid=1 ported by str0ke milw0rm.com from x97Rangs code RST/GH...

8.6AI score
Exploits0
cve
cve
added 2006/01/09 11:0 a.m.48 views

CVE-2006-0129

CVE-2006-0129 affects Rockliffe MailSite prior to 7.0.3.1, specifically the Mail Management Agent (MAILMA) . The vulnerability arises because the server generates different responses based on whether a username is valid, allowing remote attackers to enumerate valid usernames via TCP port 106. The...

5CVSS6.7AI score0.01566EPSS
Exploits1References5Affected Software1
securityvulns
securityvulns
added 2006/01/04 12:0 a.m.41 views

[Full-disclosure] Rockliffe Mailsite User Enumeration Flaw

Synopsis: Rockliffe's Mailsite Mail Management Server User Enumeration Flaw. Product: Rockliffe Mailsite http://www.rockliffe.com Version: Confirmed on Mailsite = 7.0.3.1 Author: Josh Zlatin-Amishav Date: January 4, 2006 Background: Rockliffe MailSite secure email server software and MailSite MP...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2006/01/04 12:0 a.m.28 views

Multiple Rockliffe Mailsite mail server vulnerabilities

IMAP server user enumaration and directory traversal...

3.3AI score
Exploits0References2Affected Software1
Rows per page
Query Builder