Lucene search

6430 matches found

UbuntuCve
added 2005/01/11 5:0 a.m. · 20 views

CVE-2005-0108

Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument...

CVSS 5 · AI score 5.9 · EPSS 0.02327
Exploits 1 · References 1
CVE
added 2004/10/28 4:0 a.m. · 56 views

CVE-2004-0925

CVE-2004-0925 affects Postfix on Mac OS X 10.3.x through 10.3.5 with SMTPD AUTH enabled. The root cause is that the username is not properly cleared between authentication attempts, allowing the user with the longest username to prevent other valid users from authenticating. The connected documen...

CVSS 5 · AI score 6.7 · EPSS 0.00485
Exploits 0 · References 1 · Affected Software 2
OSV
added 2004/10/20 4:0 a.m. · 4 views

CVE-2004-0777

Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code...

AI score 7.2
Exploits 0 · References 5
Tenable Nessus
added 2004/09/29 12:0 a.m. · 36 views

Debian DSA-421-1 : mod-auth-shadow - password expiration

David B Harris discovered a problem with mod-auth-shadow, an Apache module which authenticates users against the system shadow password database, where the expiration status of the user's account and password were not enforced. This vulnerability would allow an otherwise authorized user to...

CVSS 7.5 · AI score 5.4 · EPSS 0.00528
Exploits 0 · References 2
Tenable Nessus
added 2004/09/29 12:0 a.m. · 17 views

Debian DSA-247-1 : courier-ssl - missing input sanitizing

The developers of courier, an integrated user side mail server, discovered a problem in the PostgreSQL auth module. Not all potentially malicious characters were sanitized before the username was passed to the PostgreSQL engine. An attacker could inject arbitrary SQL commands and queries exploiti...

CVSS 7.5 · AI score 5.8 · EPSS 0.00487
Exploits 0 · References 2
CVE
added 2004/09/01 4:0 a.m. · 60 views

CVE-2003-0040

The CVE-2003-0040 entry concerns SQL injection in the courier mail server (courier 0.40 and earlier) via the PostgreSQL auth module. A remote attacker could inject SQL through the username, exploiting insufficient input sanitization in the authentication path. This is supported by multiple source...

CVSS 7.5 · AI score 7.8 · EPSS 0.00487
Exploits 0 · References 3 · Affected Software 2
Debian CVE
added 2004/09/01 4:0 a.m. · 14 views

CVE-2003-0040

SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name...

CVSS 7.5 · AI score 8 · EPSS 0.00487
Exploits 0
Cvelist
added 2004/09/01 4:0 a.m. · 12 views

CVE-2003-0040

SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name...

AI score 7.8 · EPSS 0.00487
Exploits 0 · References 3
OSV
added 2004/08/16 4:0 a.m. · 1 views

DEBIAN-CVE-2004-1737

SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters...

CVSS 7.5 · AI score 8.8 · EPSS 0.03203
Exploits 1 · References 1
Tenable Nessus
added 2004/07/22 12:0 a.m. · 105 views

Samba SWAT HTTP Basic Auth base64 Overflow

The remote host is running SWAT - a web-based administration tool for Samba. There is a buffer overflow condition in the remote version of this software which might allow an attacker to execute arbitrary code on the remote host by sending a malformed authorization request or any malformed base64...

CVSS 10 · AI score 6.4 · EPSS 0.59614
Exploits 1 · References 4
Positive Technologies
added 2004/05/17 12:0 a.m. · 1 views

PT-2004-1606 · Apache · Apache Mod Ssl +1

Name of the Vulnerable Software and Affected Versions: Apache mod_ssl (affected versions not specified). Description: The issue is related to a stack-based buffer overflow in the ssl_util_uuencode_binary function. This occurs when mod_ssl is configured to trust the issuing CA and a client certificat...

CVSS 7.5 · AI score 7.1 · EPSS 0.62663
Exploits 0 · References 36
securityvulns
added 2004/01/13 12:0 a.m. · 30 views

[SECURITY] [DSA 421-1] New mod-auth-shadow packages fix password expiration checking

Debian Security Advisory DSA 421-1 [email protected] http://www.debian.org/security/ Matt Zimmerman January 12th, 2004 http://www.debian.org/security/faq -...

CVSS 7.5 · AI score 0.7 · EPSS 0.00528
Exploits 0
Debian
added 2004/01/12 6:38 p.m. · 17 views

[SECURITY] [DSA 421-1] New mod-auth-shadow packages fix password expiration checking

Debian Security Advisory DSA 421-1 [email protected] http://www.debian.org/security/ Matt Zimmerman January 12th, 2004 http://www.debian.org/security/faq -...

CVSS 7.5 · AI score 6.2 · EPSS 0.00528
Exploits 0
NVD
added 2003/12/31 5:0 a.m. · 12 views

CVE-2003-1177

Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server...

CVSS 7.5 · AI score 8 · EPSS 0.23249
Exploits 1 · References 8
securityvulns
added 2003/12/15 12:0 a.m. · 23 views

[Full-Disclosure] Cisco Security Advisory: Cisco FWSM Vulnerabilities

Cisco Security Advisory: Cisco FWSM Vulnerabilities. Revision 1.0. For Public Release 2003 December 15 at 1600 UTC GMT. Contents: Summary, Affected Products, Details, Impact, Software...

AI score 0.3
Exploits 0
Symantec
added 2003/10/25 12:0 a.m. · 28 views

Atrium Software Mercur Mailserver POP3 AUTH Remote Buffer Overflow Vulnerability

Description: A problem has been reported in MERCUR Mailserver when handling the POP3 AUTH command. This problem may make it possible for an attacker to crash the service on a vulnerable system, or gain unauthorized access. Technologies Affected: Atrium Software MERCUR Mailserver 3.3.0 Atrium Software...

AI score 1.3
Exploits 0 · References 2 · Affected Software 1
exploitpack
added 2003/10/20 12:0 a.m. · 9 views

Atrium Software Mercur MailServer 3.3/4.0/4.2 - IMAP AUTH Remote Buffer Overflow

Atrium Software Mercur MailServer 3.3/4.0/4.2 - IMAP AUTH Remote Buffer Overflow. source: https://www.securityfocus.com/bid/8861/info A problem has been reported in MERCUR Mailserver when handling the IMAP AUTH command. The issue occurs when an overly long command is submitted, which may be due to a...

AI score 1.1
Exploits 0
Exploit DB
added 2003/10/20 12:0 a.m. · 35 views

Atrium Software Mercur MailServer 3.3/4.0/4.2 - IMAP AUTH Remote Buffer Overflow

source: https://www.securityfocus.com/bid/8861/info A problem has been reported in MERCUR Mailserver when handling the IMAP AUTH command. The issue occurs when an overly long command is submitted, which may be due to a buffer overrun. This problem may make it possible for an attacker to gain...

AI score 7.4
Exploits 0
securityvulns
added 2003/05/30 12:0 a.m. · 41 views

Another ZEUS Server web admin XSS!

Hi, another XSS, now on the ZEUS web admin interface. The tested software is Zeus 4.2r2 webadmin-4.2r2 on Linux x86 This is not the same issue as bid 6144 index.fcgi, now is on "vsdiag.cgi". Exploit is simple: http://target:9090/apps/web/vsdiag.cgi?server=YOURCODE I have read this post:...

AI score 0.1
Exploits 0
OSV
added 2003/02/19 5:0 a.m. · 3 views

CVE-2003-0040

SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name...

AI score 7.8
Exploits 0 · References 5