GLSA-200603-13 : PEAR-Auth: Potential authentication bypass
The remote host is affected by the vulnerability described in GLSA-200603-13 (PEAR-Auth: Potential authentication bypass). Matt Van Gundy discovered that PEAR-Auth did not correctly validate data passed to the DB and LDAP containers. Impact: A remote attacker could possibly exploit this vulnerabili...
PEAR-Auth: Potential authentication bypass
Background: PEAR-Auth is a PEAR package that provides methods to create a PHP based authentication system. Description: Matt Van Gundy discovered that PEAR-Auth did not correctly validate data passed to the DB and LDAP containers. Impact: A remote attacker could possibly exploit this vulnerability t...
schooltools.htm.txt
I, MurderSkillz from www.g00ns.net, have found an auth bypass vulnerability in Schooltools Site Builder - Educator Edition. Possibly other versions. The vulnerability takes place in admin.asp. I believe what http://schooltools.us does is they host their customers and they all have...
Crlf injection
Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers."...
CVE-2006-0868
Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers."...
CVE-2006-0868
PEAR::Auth back ends in PEAR-Auth are affected by multiple injection vulnerabilities that could allow remote attackers to falsify authentication credentials. Affected are Auth containers before 1.2.4 and 1.3.x before 1.3.0r4. The underlying storage containers are the source of the issue. Reported...
CVE-2006-0730
Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2...
ASPThai.Net Guestbook <= 5.5 (Auth Bypass) SQL Injection Exploit
Exploit for unknown platform in category web applications ================================================================ ASPThai.Net Guestbook new or die; $cookiejar = HTTP::Cookies-new; $xpl-agent'g00ns'; $xpl-cookiejar$cookiejar; $res = $xpl-post $Server.'checkuser.asp', Content = 'txtUserNam...
[SECURITY] [DSA 952-1] New libapache-auth-ldap packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 952-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 23rd, 2006 http://www.debian.org/security/faq -...
Ubuntu 4.10 / 5.04 / 5.10 : libapache2-mod-auth-pgsql vulnerability (USN-239-1)
Several format string vulnerabilities were discovered in the error logging handling. By sending specially crafted user names, an unauthenticated remote attacker could exploit this to crash the Apache server or possibly even execute arbitrary code with the privileges of Apache user 'www-data'. Not...
[SECURITY] [DSA 935-1] New libapache2-mod-auth-pgsql packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 935-1 [email protected] http://www.debian.org/security/ Michael Stone January 10, 2006 http://www.debian.org/security/faq -...
Apache mod-auth-pgsql authorization module format string vulnerabilities
Several format string bugs in error logging...
DSA-935-1 libapache2-mod-auth-pgsql - format string vulnerability
Bulletin has no description...
PT-2006-1039 · Apache · Apache Auth Ldap
Name of the Vulnerable Software and Affected Versions: Apache auth_ldap versions 1.6.0 and earlier; auth_ldap version 1.4.8. Description: The issue concerns multiple format string vulnerabilities in the auth_ldap_log_reason function. This allows remote attackers to execute arbitrary code via variou...
SCO OpenServer 5.0.7 - termsh Local Privilege Escalation
SCO OpenServer 5.0.7 - termsh Local Privilege Escalation / SCO Openserver 5.0.7 termsh exploit. 'termsh' is a program to view or modify an existing terminal entry on SCO Openserver. A stack-based overflow exists in the handling of command line arguments, namely...
Apache HTTP Server Auth Module SQL Insertion Attack
This plugin checks whether the web server is using Apache Auth modules which are known to be vulnerable to SQL insertion attacks. SPDX-FileCopyrightText: 2001 Matt Moore. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
security flaw
Memory leak in the request_key_auth_destroy function in request_key_auth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys...