3133 matches found
PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users
PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users Description: BEA Plumtree portal 6.0 is vulnerable to username leakage through the search facility. By performing an advanced search, unauthenticated users can enumerate valid usernames with a single HTTP reques...
CVE-2007-6198
The CVE-2007-6198 issue affects the Plumtree Portal component (portal/server.pt) in BEA AquaLogic Interaction versions 5.0.2–5.0.4 and 6.0.1.218452. The vulnerability allows wildcards in advanced searches for usernames via the in_tx_fulltext parameter, enabling remote attackers to enumerate valid...
AOL Instant Messenger User Enumeration (deprecated)
Binary data 4082.prm...
HP Tru64 Remote Secure Shell User Enumeration Exploit (CVE-2007-2791)
No description provided by source. !/usr/bin/perl use warnings; use strict; Remember: you need to accept ssh key first! use Tie::File; use Fcntl 'ORDONLY'; use Expect; use Time::HiRes qwgettimeofday; tru64-sshenum.pl HP Tru64 Remote Secure Shell user enumeration exploit CVE-2007-2791. Author:...
HP Tru64 - Remote Secure Shell User Enumeration
HP Tru64 - Remote Secure Shell User Enumeration !/usr/bin/perl use warnings; use strict; Remember: you need to accept ssh key first! use Tie::File; use Fcntl 'ORDONLY'; use Expect; use Time::HiRes qwgettimeofday; tru64-sshenum.pl HP Tru64 Remote Secure Shell user enumeration exploit CVE-2007-2791...
HP Tru64 - Remote Secure Shell User Enumeration
!/usr/bin/perl use warnings; use strict; Remember: you need to accept ssh key first! use Tie::File; use Fcntl 'ORDONLY'; use Expect; use Time::HiRes qwgettimeofday; tru64-sshenum.pl HP Tru64 Remote Secure Shell user enumeration exploit CVE-2007-2791. Author: Andrea "bunker" Purificato...
HP Tru64 Remote Secure Shell User Enumeration Exploit (CVE-2007-2791)
Exploit for tru64 platform in category remote exploits ===================================================================== HP Tru64 Remote Secure Shell User Enumeration Exploit CVE-2007-2791 ===================================================================== !/usr/bin/perl use warnings; use...
[Full-disclosure] Microsoft Windows Active Directory Logon Hours User Enumeration Weakness
Windows Server 2003 can be configured http://support.microsoft.com/kb/816666 to restrict the hours and days that a user may log on to a Windows Server 2003 domain. This could lead to username enumeration. Issue:- Microsoft Windows Active Directory Username Enumeration Criticality:- Less Critical...
GLSA-200701-10 : WordPress: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200701-10 WordPress: Multiple vulnerabilities When decoding trackbacks with alternate character sets, WordPress does not correctly sanitize the entries before further modifying a SQL query. WordPress also displays different error...
BMC Remedy Action Request System user enumeration vulnerability
Messages for invalid password and invalid user name are different...
WordPress: Multiple vulnerabilities
Background WordPress is a popular personal publishing platform with a web interface. Description When decoding trackbacks with alternate character sets, WordPress does not correctly sanitize the entries before further modifying a SQL query. WordPress also displays different error messages in...
Remedy Action Request System 5.01.02 - User Enumeration
======================================================= Remedy Action Request System User Enumeration ======================================================= Davide Del Vecchio Adv11 Discovered in: 08/01/2007 Version affected: Remedy Action Request System 5.01.02 Patch 1267. The same vulnerable...
CVE-2006-2676
Dispatch.cgi/user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames...
CVE-2006-2676
Dispatch.cgi/user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames...
CVE-2006-2676
CVE-2006-2676 affects SiteScape Forum 7.2 and possibly earlier. The vulnerability involves Dispatch.cgi/_user/uservCard/ returning responses that differ in a way that allows remote attackers to enumerate valid usernames. The NVD entry lists a CVSS v2 base score of 5.0 (MEDIUM), with network attac...
vuBB <= 0.2 (Cookie) Final Remote SQL Injection Exploit (mq=off)
No description provided by source. !/usr/bin/perl print q ---------------------------------------------------------------------- vuBB =0.2 Final Remote SQL Injection cookies Exploit exploit discovered and coded by KingOfSKa https://contropotere.netsons.org...
phpWebSite 0.10.0-full - topics.php SQL Injection
phpWebSite 0.10.0-full - topics.php SQL Injection !/usr/bin/perl advisory sent in by SnIpErSA selfar2002athotmail.com http://www.target.com/topics.php?op=viewtopic&topic=-1%20Union%20select%20name,name,pass,name%20From%20users%20where%20uid=1 ported by str0ke milw0rm.com from x97Rangs code RST/GH...
CVE-2006-0129
CVE-2006-0129 affects Rockliffe MailSite prior to 7.0.3.1, specifically the Mail Management Agent (MAILMA) . The vulnerability arises because the server generates different responses based on whether a username is valid, allowing remote attackers to enumerate valid usernames via TCP port 106. The...
[Full-disclosure] Rockliffe Mailsite User Enumeration Flaw
Synopsis: Rockliffe's Mailsite Mail Management Server User Enumeration Flaw. Product: Rockliffe Mailsite http://www.rockliffe.com Version: Confirmed on Mailsite = 7.0.3.1 Author: Josh Zlatin-Amishav Date: January 4, 2006 Background: Rockliffe MailSite secure email server software and MailSite MP...
Multiple Rockliffe Mailsite mail server vulnerabilities
IMAP server user enumaration and directory traversal...