6394 matches found
CVE-2004-1340
Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information...
Debian DSA-659-1 : libpam-radius-auth - information leak, integer underflow
Two problems have been discovered in the libpam-radius-auth package, the PAM RADIUS authentication module. The Common Vulnerabilities and Exposures Project identifies the following problems: - CAN-2004-1340 The Debian package accidentally installed its configuration file /etc/pam_radius_auth.conf...
CVE-2005-0108
CVE-2005-0108 is a vulnerability in Apache mod_auth_radius and the libpam-radius-auth PAM module. The Debian and related advisories describe an integer underflow in the mod_auth_radius component that can be triggered by a crafted RADIUS_REPLY_MESSAGE, potentially allowing remote attackers to caus...
CVE-2005-0108
Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument...
CVE-2004-0925
CVE-2004-0925 affects Postfix on Mac OS X 10.3.x through 10.3.5 with SMTPD AUTH enabled. The root cause is that the username is not properly cleared between authentication attempts, allowing the user with the longest username to prevent other valid users from authenticating. The connected documen...
CVE-2004-0777
Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code...
Debian DSA-421-1 : mod-auth-shadow - password expiration
David B Harris discovered a problem with mod-auth-shadow, an Apache module which authenticates users against the system shadow password database, where the expiration status of the user's account and password were not enforced. This vulnerability would allow an otherwise authorized user to...
Debian DSA-247-1 : courier-ssl - missing input sanitizing
The developers of courier, an integrated user side mail server, discovered a problem in the PostgreSQL auth module. Not all potentially malicious characters were sanitized before the username was passed to the PostgreSQL engine. An attacker could inject arbitrary SQL commands and queries exploiti...
CVE-2003-0040
The CVE-2003-0040 entry concerns SQL injection in the courier mail server (courier 0.40 and earlier) via the PostgreSQL auth module. A remote attacker could inject SQL through the username, exploiting insufficient input sanitization in the authentication path. This is supported by multiple source...
CVE-2003-0040
SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name...
DEBIAN-CVE-2004-1737
SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters...
Samba SWAT HTTP Basic Auth base64 Overflow
The remote host is running SWAT - a web-based administration tool for Samba. There is a buffer overflow condition in the remote version of this software which might allow an attacker to execute arbitrary code on the remote host by sending a malformed authorization request or any malformed base64...
PT-2004-1606 · Apache · Apache Mod Ssl +1
Name of the Vulnerable Software and Affected Versions: Apache mod_ssl (affected versions not specified). Description: The issue is related to a stack-based buffer overflow in the ssl_util_uuencode_binary function. This occurs when mod_ssl is configured to trust the issuing CA and a client certificat...
[SECURITY] [DSA 421-1] New mod-auth-shadow packages fix password expiration checking
Debian Security Advisory DSA 421-1 [email protected] http://www.debian.org/security/ Matt Zimmerman January 12th, 2004 http://www.debian.org/security/faq -...
CVE-2003-1177
Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server...
[Full-Disclosure] Cisco Security Advisory: Cisco FWSM Vulnerabilities
Cisco Security Advisory: Cisco FWSM Vulnerabilities. Revision 1.0. For Public Release 2003 December 15 at 1600 UTC GMT. Contents: Summary, Affected Products, Details, Impact, Software...
Atrium Software Mercur Mailserver POP3 AUTH Remote Buffer Overflow Vulnerability
Description: A problem has been reported in MERCUR Mailserver when handling the POP3 AUTH command. This problem may make it possible for an attacker to crash the service on a vulnerable system, or gain unauthorized access. Technologies Affected: Atrium Software MERCUR Mailserver 3.3.0, Atrium Software...