431 matches found
CVE-2001-1459
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d...
CVE-2001-1459
OpenSSH
[Full-Disclosure] Jabberd2.x remote Buffer Overflows
Security Advisory Advisory: ADLAB-04002 Jabberd2.x remote Buffer Overflows Authors: [email protected] Class: Boundary Condition Error CVE: CAN-2004-0953 Remote: Yes, could allow remote compromise Vulnerable: Jabberd 2. Unvulnerable: Jabberd 1.4 Vendor: http://jabberd.jabberstudio.org/ I. INFO:...
CVE-2003-0982
Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password...
Cisco ACNS contains buffer overflow vulnerability in the authentication module when supplied an overly long password
Overview: Cisco Application and Content Networking Software (ACNS) contains a buffer overflow that may enable an attacker to execute arbitrary code on the affected device. Description: Cisco ACNS Software "...combines demand-pull caching and pre-positioning for accelerated delivery of web application...
CVE-2003-0982
CVE-2003-0982 refers to a buffer overflow in the Cisco ACNS authentication module. Affected versions are ACNS 4.x before 4.2.11 and 5.x before 5.0.5, where sending an overly long password can allow a remote attacker to execute arbitrary code on the device. The Cisco advisory notes fix upgrades to 4.2...
CVE-2003-0500
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name...
Apache HTTPD contains denial of service vulnerability in basic authentication module
Overview: The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to conduct denial-of-service attacks on the HTTP basic authentication module of an affected server. Description: The Apache HTTP server contains a denial-of-service vulnerability in the...
DEBIAN-CVE-2003-0189
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is use...
CVE-2003-0189
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is use...
DEBIAN-CVE-2003-0190
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...
login_ldap security announcement
Sebastian Stark from Directory Applications for Advanced Security and Information Management (http://www.daasi.de) has found a serious issue with login_ldap, affecting all versions. login_ldap is a BSD Authentication module for authenticating users off an LDAP server, and runs on OpenBSD and BSD/OS. ...
DEBIAN-CVE-2003-0040
SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name...
CVE-2001-1354
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password...
CVE-2001-1355
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command...
CVE-2001-1354
The CVE-2001-1354 entry concerns the NetWin Authentication module (NWAuth) versions 2.0 and 3.0b, as implemented in SurgeFTP and DMail (and possibly other packages). The root cause is weak password hashing used by NWAuth, which could enable local users to decrypt stored passwords or to log in wit...
ldap vulnerabilities
--- Blackshell Advisory 5 --- Local Format String Vuln in pam_ldap and remote in squid_auth_ldap --- Versions Affected --- pam_ldap: 143 prior vendor status: nil squid_auth_ldap: 2.0 prior vendor status: nil --- What is...
Multiple vulnerabilities in NetWin Authentication Module (weak encryption, buffer overflow)
Multiple vulnerabilities: reversible password encryption, weak hash, buffer overflows...