Authentication flaw

Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password...

CVE-2010-1596

Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password...

CVE-2010-1596

Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password...

issuelinkssmall.jsp has an XSS hole via the URL used to access it

The issuelinkssmall.jsp has an XSS hole, where if the URL contains an XSS string, the ww:url tag will include that tag in the page because the value attribute was left empty...

issuelinkssmall.jsp has an XSS hole via the URL used to access it

The issuelinkssmall.jsp has an XSS hole, where if the URL contains an XSS string, the ww:url tag will include that tag in the page because the value attribute was left empty...

RedHat Update for brltty RHSA-2010:0181-05

Check for the Version of brltty OpenVAS Vulnerability Test RedHat Update for brltty RHSA-2010:0181-05 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CVE-2010-1238

MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values...

Design/Logic Flaw

MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values...

ms-sql-empty-password NSE Script

Attempts to authenticate to Microsoft SQL Servers using an empty password for the sysadmin sa account. SQL Server credentials required: No will not benefit from mssql.username & mssql.password. Run criteria: Host script: Will run if the mssql.instance-all, mssql.instance-name or mssql.instance-po...

CVE-2010-1237

Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to cause a denial of service memory error or possibly have unspecified other impact via an empty SVG element...

PYSEC-2010-15

Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured...

mysql-empty-password NSE Script

Checks for MySQL servers with an empty password for root or anonymous. See also: mysql-brute.nse Example Usage nmap -sV --script=mysql-empty-password Script Output 3306/tcp open mysql | mysql-empty-password: | anonymous account has empty password | root account has empty password Requires mysql...

Design/Logic Flaw

Microsoft Internet Information Services IIS, when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : colon and a safe extension, as demonstrate...

CVE-2009-4445

Microsoft Internet Information Services IIS, when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : colon and a safe extension, as demonstrate...

Mozilla SSL spoofing with document.location and empty SSL response page

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content aka 204 status code and an empty...

CVE-2009-4095

myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information...

Authentication flaw

myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information...

CVE-2009-4095

myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information...

CVE-2009-4095

CVE-2009-4095 affects myPhile 1.2.1, enabling remote attackers to bypass authentication with an empty password. The connected documents confirm the affected product and the root cause (empty-password authentication bypass) and reiterate the same impact. No remediation, patch version, or exploitat...

CVE-2009-3934

The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclientimpl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated ...