Lucene search
K

2006 matches found

Tenable Nessus
Tenable Nessus
added 2007/02/01 12:0 a.m.41 views

Drupal Multiple Module $_SESSION Manipulation CAPTCHA Bypass

The version of Drupal installed on the remote host includes at least one third-party module that adds a captcha to various forms e.g. user registration that is affected by a security bypass vulnerability. A remote attacker, using a specially crafted 'editcaptcharesponse' parameter, can bypass...

5CVSS5.6AI score0.02594EPSS
Exploits0References3
Drupal
Drupal
added 2007/01/31 12:0 a.m.14 views

Textimage - response validation bypass

Captcha validation by Textimage can be bypassed by manipulating request variables while posting. This defeats the purpose of the captcha and makes automated submission possible. Versions affected All versions of Textimage 4.7.x prior to Textimage 4.7-1.2. All versions of Textimage 5.x prior to...

7.1AI score
Exploits0References4
Drupal
Drupal
added 2007/01/30 12:0 a.m.15 views

Captcha - response validation bypass

Captcha validation can be bypassed by manipulating request variables while posting or by providing certain incorrect responses. This defeats the purpose of the captcha and makes automated submission possible. Versions affected All versions of Captcha 4.7.x prior to Captcha 4.7-1.2. All versions o...

7.2AI score
Exploits0References4
myhack58
myhack58
added 2006/12/28 12:0 a.m.36 views

The use of the system vulnerabilities to easily bypass your CAPTCHA-vulnerability warning-the black bar safety net

CAPTCHA's every time you access the page when randomly generated pictures, the content is generally numbers and letters the more powerful point and Chinese, you need the visitor to put in letters to fill into the form submission, thus effectively preventing brute force. CAPTCHA is also used to...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2006/11/02 12:0 a.m.127 views

[Full-disclosure] Invision Power Board 2.1.7 debug mode vulnerability

Debug mode is a feature in IPB 2.0.0-2.1.7 that shows all database queries for each forum page requested. If Debug mode is turned on, it is possible for anyone to request a forgotten password for an account, and capture the validation key that is sent to the account's email address. This allows a...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2006/10/11 12:0 a.m.73 views

eXpBlog <= 0.3.5 Cross Site Scripting Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory: eXpBlog = 0.3.5 Cross Site Scripting Vulnerabilities Release Date: 10/09/2006 Last Modified: 10/09/2006 Author: Tamriel tamriel at gmx dot net Application: eXpBlog = 0.3.5 Risk: Low Vendor Status: contaced | replied Vendor Site:...

0.4AI score
Exploits0
myhack58
myhack58
added 2006/09/30 12:0 a.m.18 views

Gently bypass your CAPTCHA-vulnerability warning-the black bar safety net

Certificate code that each time you access the page when randomly generated pictures, the content is generally numbers and letters and more BT points of the Chinese, Oh, a visitor put the figure numbers in the letters fill in to the form submission, thus effectively preventing brute force. CAPTCH...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2006/06/25 12:0 a.m.102 views

SYMSA-2006-005

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID : SYMSA-2006-005 Advisory Title: Lanap CAPTCHA bypass exposure Author : Michael White, [email protected] and Graham Murphy, [email protected]...

5CVSS0.5AI score0.01546EPSS
Exploits0
securityvulns
securityvulns
added 2006/06/25 12:0 a.m.352 views

BotDetect ASP.NET CAPTCHA security protection bypass

It's possible to bypass protection by using replay attacks...

2AI score
Exploits0References1Affected Software1
NVD
NVD
added 2006/06/23 9:6 p.m.11 views

CVE-2006-2918

The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number."...

5CVSS6.6AI score0.01546EPSS
Exploits0References8
CVE
CVE
added 2006/06/23 9:0 p.m.47 views

CVE-2006-2918

The Lanap BotDetect ASP.NET CAPTCHA component (pre-1.5.4.0) stores the CAPTCHA UUID and hash in the ViewState, allowing a remote attacker to replay a known ViewState and bypass the CAPTCHA. Symantec advisory SYMSA-2006-005 confirms the bypass and notes the vendor fixed the issue in BotDetect ASP....

5CVSS6.6AI score0.01546EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2006/06/23 9:0 p.m.23 views

CVE-2006-2918

The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number."...

6.6AI score0.01546EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2006/05/31 12:0 a.m.31 views

e107 email.php Arbitrary Mail Relay

The version of e107 installed on the remote host contains a script, 'email.php' that allows an unauthenticated user to send email messages to arbitrary users and to control, to a large degree, the content of those messages. This issue can be exploited to send spam or other types of abuse through...

5CVSS5.7AI score0.0116EPSS
Exploits0References3
Prion
Prion
added 2006/02/21 2:2 a.m.11 views

Design/Logic Flaw

The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent HTTPUSERAGENT, which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying tha...

7.5CVSS7.3AI score0.02927EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2006/02/21 2:2 a.m.9 views

CVE-2006-0805

The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent HTTPUSERAGENT, which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying tha...

7.5CVSS6.7AI score0.02927EPSS
Exploits1References5
CVE
CVE
added 2006/02/21 2:0 a.m.47 views

CVE-2006-0805

The CVE-2006-0805 issue affects php-Nuke 6.0–7.9 where CAPTCHA uses fixed challenge/response pairs that vary only daily based on the User-Agent. An attacker can bypass CAPTCHA by fixing HTTP_USER_AGENT, performing a valid challenge/response, and replaying that pair in the random_num and gfx_check...

7.5CVSS6.7AI score0.02927EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2006/02/21 2:0 a.m.15 views

CVE-2006-0805

The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent HTTPUSERAGENT, which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying tha...

6.7AI score0.02927EPSS
Exploits1References5
Packet Storm
Packet Storm
added 2006/02/20 12:0 a.m.41 views

waraxe-2006-SA-045.txt

================================================================================ waraxe-2006-SA045 ================================================================================ Bypassing CAPTCHA in phpNuke 6.x-7.9 ================================================================================...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/02/20 12:0 a.m.35 views

[waraxe-2006-SA#045] - Bypassing CAPTCHA in phpNuke 6.x-7.9

================================================================================ waraxe-2006-SA045 ================================================================================ Bypassing CAPTCHA in phpNuke 6.x-7.9 ================================================================================...

7.2AI score
Exploits0
exploitpack
exploitpack
added 2006/02/18 12:0 a.m.14 views

PHP-Nuke 7.x - CAPTCHA Bypass

PHP-Nuke 7.x - CAPTCHA Bypass source: https://www.securityfocus.com/bid/16722/info The CAPTCHA implementation of PHPNuke may be bypassed by remote attackers due to a design error. This may be used to carry out other attacks such as brute-force attempts against the login page. ------ real life...

Exploits0
Rows per page
Query Builder