Lucene search
+L

3133 matches found

exploitdb
exploitdb
added 2003/06/04 12:0 a.m.28 views

MegaBrowser < 0.71b - Multiple Vulnerabilities

MegaBrowser Multiple Vulnerabilities Vendor: Quality Programming Corporation Product: MegaBrowser Version: = 0.71b Website: http://www.megabrowser.com BID: 7802 7803 Description: Megabrowser is a free standalone program that enables you to host websites and FTP sites by utilizing its powerful...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/05/28 12:0 a.m.24 views

S21SEC-020 - Vignette user enumeration

ID: S21SEC-020-en Title: Vignette user enumeration Date: 15/03/2003 Status: Vendor contacted and solution available Scope: Enumeration of user status Platforms: All Author: rpinuaga Location: http://www.s21sec.com/es/avisos/s21sec-020-en.txt Release: External S 2 1 S E C http://www.s21sec.com...

7.2AI score
Exploits0
nessus
nessus
added 2003/05/27 12:0 a.m.35 views

BlackMoon FTP Login Error Message User Enumeration

The version of BlackMoon FTP running on the remote host issues a special error message when a user attempts to log in using a nonexistent account. An attacker may use this flaw to make a list of valid accounts, which can be used to mount further attacks. C Tenable Network Security, Inc. ref:...

4.6CVSS5.5AI score0.00476EPSS
Exploits0References2
securityvulns
securityvulns
added 2003/05/22 12:0 a.m.26 views

[[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration

Telhack 026 Inc. Security Advisory - 4 Name: Blackmoon FTP Server 2.6 Free Edition Impact: Medium Date: May 21 / 2003 Daniel Nystrm a.k.a. excE [email protected] I N F O BlackMoon FTP Server is an FTP daemon written specifically for Windows 2000/XP and above. It takes advantage of all the new...

0.8AI score
Exploits0
nvd
nvd
added 2003/05/12 4:0 a.m.22 views

CVE-2003-0190

OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...

5CVSS9.2AI score0.76751EPSS
Exploits10References10
nessus
nessus
added 2003/05/06 12:0 a.m.274 views

OpenSSH w/ PAM Multiple Timing Attack Weaknesses

The remote host seems to be running an SSH server that could allow an attacker to determine the existence of a given login by comparing the time the remote sshd daemon takes to refuse a bad password for a nonexistent login compared to the time it takes to refuse a bad password for a valid login. ...

7.6CVSS6.9AI score0.76751EPSS
Exploits10References2
cve
cve
added 2003/05/02 12:0 a.m.293 views

CVE-2003-0190

CVE-2003-0190 affects OpenSSH-portable/OpenSSH 3.6.1p1 and earlier with PAM enabled. The vulnerability is a timing side‑channel: when a login attempts with a non-existent username, an error is returned immediately, allowing remote attackers to determine valid usernames. This is an information dis...

5CVSS6.3AI score0.76751EPSS
Exploits10References10Affected Software1
nessus
nessus
added 2003/04/03 12:0 a.m.44 views

NETGEAR FM114P ProSafe Router Multiple Vulnerabilities

The NETGEAR FM114P ProSafe Wireless Router and possibly other devices discloses the username and password of the WAN when it receives specially crafted UPnP soap requests. An attacker may use this flaw to steal a valid username and password. In addition to this, an attacker may use UPnP to disabl...

5.5AI score
Exploits0References2
exploitpack
exploitpack
added 2002/10/05 12:0 a.m.22 views

MySQL 3.20.323.22.x3.23.x - Null Root Password Weak Default Configuration (2)

MySQL 3.20.323.22.x3.23.x - Null Root Password Weak Default Configuration 2 / source: https://www.securityfocus.com/bid/5503/info MySQL is is an open source relational database project, and is available for a number of operating systems, including Microsoft Windows. A weak default configuration...

0.2AI score
Exploits0
nvd
nvd
added 2002/08/12 4:0 a.m.14 views

CVE-2002-0523

ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie...

5CVSS6.7AI score0.01884EPSS
Exploits1References5
nessus
nessus
added 2002/08/03 12:0 a.m.524 views

RPC rusers Remote Information Disclosure

The rusersd RPC service is running. It provides an attacker interesting information such as how often the system is being used, the names of the users, and more. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11058; scriptversion"1.19"; scriptcvsdate"Date: 2018/08/13...

5.4AI score0.01376EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2002/06/06 12:0 a.m.7 views

PT-2002-1085

Name of the Vulnerable Software and Affected Versions OpenSSH versions through 8.7 Description The issue allows remote attackers to test whether a certain combination of username and public key is known to an SSH server. This occurs because a challenge is sent only when that combination could be...

5.3CVSS7.8AI score0.05326EPSS
Exploits1References21
cvelist
cvelist
added 2002/05/03 4:0 a.m.27 views

CVE-2001-1233

Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services NDS enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm...

6.4AI score0.01627EPSS
Exploits1References2
cve
cve
added 2002/05/03 4:0 a.m.57 views

CVE-2001-1233

Netware Enterprise Web Server 5.1 with GroupWise WebAccess 5.5 and NDS enabled is affected. The vulnerability allows remote attackers to enumerate usernames, group names and other system information by accessing ndsobj.nlm, due to exposure of directory information. CVSS v2.0 base score is 5.0 (AV...

5CVSS6.8AI score0.01627EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2002/05/03 4:0 a.m.19 views

CVE-2001-1280

POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system...

6.7AI score0.02188EPSS
Exploits0References3
nessus
nessus
added 2002/03/17 12:0 a.m.26 views

Microsoft Windows Local User Information

Using the supplied credentials, Nessus was able to retrieve information for each local user. Note that this plugin itself does not issue a report and only serves to store information about each local user in the KB for further checks. C Tenable Network Security, Inc. include"compat.inc"; if...

5.4AI score
Exploits0
nessus
nessus
added 2002/02/13 12:0 a.m.348 views

SMB Use Host SID to Enumerate Local Users

Using the host security identifier SID, Nessus was able to enumerate local users on the remote Windows system. C Tenable Network Security, Inc. @PREFERENCES@ include"compat.inc"; if description scriptid10860; scriptversion"1.62"; scriptsetattributeattribute:"pluginmodificationdate",...

5.5AI score
Exploits0
securityvulns
securityvulns
added 2002/01/30 12:0 a.m.31 views

Enumerating users on a Domino webserver

Hi, during a pen-test against a Domino 5.0.8 webserver, I was able to enumerate valid users. A simple "GET /mail/toto.nsf HTTP/1.0" redirects to the login page with a "200 OK" HTTP code if the user "toto" exists and a "404 File not Found" is returned if the user doesn't exist. This issue can allo...

0.2AI score
Exploits0
nessus
nessus
added 2001/10/10 12:0 a.m.40 views

Microsoft Outlook Web Access (OWA) Anonymous Access

It is possible to browse the information of the OWA server by accessing as an anonymous user with the following URL: http://www.example.com/exchange/root.asp?acs=anon After this access, the anonymous user can search for valid users in the OWA server and can enumerate all users by accessing the...

5CVSS5.6AI score0.2199EPSS
Exploits0References1
securityvulns
securityvulns
added 2001/09/08 12:0 a.m.55 views

Exchange Public Folders Information Leakage

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com SUMMARY Microsoft Exchange Server handles anonymous access to its Public Folders insecurely. While administrators may disable the "Find Users" features to...

6.9AI score
Exploits0
Rows per page
Query Builder