CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

SUSE CVE•added 2023/02/15 5:50 a.m.•1 views

SUSE CVE-2011-3372

imap/nntpd.c in the NNTP server nntpd for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command...

7.5CVSS7.4AI score0.0027EPSS

Exploits0References3

Metasploit•added 2017/06/15 8:25 p.m.•46 views

NNTP Login Utility

This module attempts to authenticate to NNTP services which support the AUTHINFO authentication extension. This module supports AUTHINFO USER/PASS authentication, but does not support AUTHINFO GENERIC or AUTHINFO SASL authentication methods. This module requires Metasploit:...

7.5CVSS0.6AI score0.37089EPSS

Exploits41

FreeBSD•added 2012/08/14 12:0 a.m.•64 views

inn -- plaintext command injection into encrypted channel

INN developers report: Fixed a possible plaintext command injection during the negotiation of a TLS layer. The vulnerability detailed in CVE-2011-0411 affects the STARTTLS and AUTHINFO SASL commands. nnrpd now resets its read buffer upon a successful negotiation of a TLS layer. It prevents...

6.8CVSS9.5AI score0.32222EPSS

Exploits1References1

CVE•added 2005/09/19 4:0 a.m.•48 views

CVE-2005-2990

CVE-2005-2990 affects the LineContol Java Client (jlc) component, where the AuthInfo.java code path in versions before 0.8.1 logs sensitive data such as user passwords. The documented impact is partial confidentiality loss. No exploitation details are provided in the sources; no explicit remediat...

2.1CVSS6.6AI score0.00065EPSS

Exploits0References4Affected Software1