2006 matches found
Drupal Multiple Module $_SESSION Manipulation CAPTCHA Bypass
The version of Drupal installed on the remote host includes at least one third-party module that adds a captcha to various forms e.g. user registration that is affected by a security bypass vulnerability. A remote attacker, using a specially crafted 'editcaptcharesponse' parameter, can bypass...
Textimage - response validation bypass
Captcha validation by Textimage can be bypassed by manipulating request variables while posting. This defeats the purpose of the captcha and makes automated submission possible. Versions affected All versions of Textimage 4.7.x prior to Textimage 4.7-1.2. All versions of Textimage 5.x prior to...
Captcha - response validation bypass
Captcha validation can be bypassed by manipulating request variables while posting or by providing certain incorrect responses. This defeats the purpose of the captcha and makes automated submission possible. Versions affected All versions of Captcha 4.7.x prior to Captcha 4.7-1.2. All versions o...
The use of the system vulnerabilities to easily bypass your CAPTCHA-vulnerability warning-the black bar safety net
CAPTCHA's every time you access the page when randomly generated pictures, the content is generally numbers and letters the more powerful point and Chinese, you need the visitor to put in letters to fill into the form submission, thus effectively preventing brute force. CAPTCHA is also used to...
[Full-disclosure] Invision Power Board 2.1.7 debug mode vulnerability
Debug mode is a feature in IPB 2.0.0-2.1.7 that shows all database queries for each forum page requested. If Debug mode is turned on, it is possible for anyone to request a forgotten password for an account, and capture the validation key that is sent to the account's email address. This allows a...
eXpBlog <= 0.3.5 Cross Site Scripting Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory: eXpBlog = 0.3.5 Cross Site Scripting Vulnerabilities Release Date: 10/09/2006 Last Modified: 10/09/2006 Author: Tamriel tamriel at gmx dot net Application: eXpBlog = 0.3.5 Risk: Low Vendor Status: contaced | replied Vendor Site:...
Gently bypass your CAPTCHA-vulnerability warning-the black bar safety net
Certificate code that each time you access the page when randomly generated pictures, the content is generally numbers and letters and more BT points of the Chinese, Oh, a visitor put the figure numbers in the letters fill in to the form submission, thus effectively preventing brute force. CAPTCH...
SYMSA-2006-005
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID : SYMSA-2006-005 Advisory Title: Lanap CAPTCHA bypass exposure Author : Michael White, [email protected] and Graham Murphy, [email protected]...
BotDetect ASP.NET CAPTCHA security protection bypass
It's possible to bypass protection by using replay attacks...
CVE-2006-2918
The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number."...
CVE-2006-2918
The Lanap BotDetect ASP.NET CAPTCHA component (pre-1.5.4.0) stores the CAPTCHA UUID and hash in the ViewState, allowing a remote attacker to replay a known ViewState and bypass the CAPTCHA. Symantec advisory SYMSA-2006-005 confirms the bypass and notes the vendor fixed the issue in BotDetect ASP....
CVE-2006-2918
The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number."...
e107 email.php Arbitrary Mail Relay
The version of e107 installed on the remote host contains a script, 'email.php' that allows an unauthenticated user to send email messages to arbitrary users and to control, to a large degree, the content of those messages. This issue can be exploited to send spam or other types of abuse through...
Design/Logic Flaw
The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent HTTPUSERAGENT, which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying tha...
CVE-2006-0805
The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent HTTPUSERAGENT, which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying tha...
CVE-2006-0805
The CVE-2006-0805 issue affects php-Nuke 6.0–7.9 where CAPTCHA uses fixed challenge/response pairs that vary only daily based on the User-Agent. An attacker can bypass CAPTCHA by fixing HTTP_USER_AGENT, performing a valid challenge/response, and replaying that pair in the random_num and gfx_check...
CVE-2006-0805
The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent HTTPUSERAGENT, which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying tha...
waraxe-2006-SA-045.txt
================================================================================ waraxe-2006-SA045 ================================================================================ Bypassing CAPTCHA in phpNuke 6.x-7.9 ================================================================================...
[waraxe-2006-SA#045] - Bypassing CAPTCHA in phpNuke 6.x-7.9
================================================================================ waraxe-2006-SA045 ================================================================================ Bypassing CAPTCHA in phpNuke 6.x-7.9 ================================================================================...
PHP-Nuke 7.x - CAPTCHA Bypass
PHP-Nuke 7.x - CAPTCHA Bypass source: https://www.securityfocus.com/bid/16722/info The CAPTCHA implementation of PHPNuke may be bypassed by remote attackers due to a design error. This may be used to carry out other attacks such as brute-force attempts against the login page. ------ real life...