4611 matches found
DEBIAN-CVE-2008-0169
Plugin/passwordauth.pm aka the passwordauth plugin in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence...
CVE-2008-0169
Plugin/passwordauth.pm aka the passwordauth plugin in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence...
FreeBSD : ikiwiki -- empty password security hole (09066828-2ef1-11dd-a0d8-0016d325a0ed)
The ikiwiki development team reports: This hole allowed ikiwiki to accept logins using empty passwords to openid accounts that didn't use a password. Upgrading to a non-vulnerable ikiwiki version immediately is recommended if your wiki allows both password and openid logins...
ikiwiki -- empty password security hole
The ikiwiki development team reports: This hole allowed ikiwiki to accept logins using empty passwords to openid accounts that didn't use a password. Upgrading to a non-vulnerable ikiwiki version immediately is recommended if your wiki allows both password and openid logins...
BELL-CVE-2008-2148 CVE-2008-2148 does not affect BellSoft software
Bulletin has no description...
CVE-2008-1880
The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password...
GLSA-200804-24 : DBmail: Data disclosure
The remote host is affected by the vulnerability described in GLSA-200804-24 (DBmail: Data disclosure). A vulnerability in DBMail's authldap module when used in conjunction with an Active Directory server has been reported by vugluskr. When passing a zero length password to the module, it tries to...
CVE-2007-6714
DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication...
Authentication flaw
DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication...
CVE-2007-6714
DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication...
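InterVideo WinDVD Media Center Remote Denial of Service Vulnerability
BUGTRAQ ID: 28016 WinDVD Media Center is a software network media player for DVDs, video, music and photos. A null pointer dereference vulnerability exists in the InterVideo IMC Server (IMCSvr.exe) and InterVideo Home Theater (IHT.exe) services of WinDVD Media Center; a remote attacker may exploit it to make the server unavailable. If a remote attacker sends these services a specially crafted packet containing two newline characters, the vulnerability can be triggered, causing the affected process to crash. InterVideo WinDVD Media Center 2.11.15.0 InterVideo ---------...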
Directory traversal
Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field...
pigyard art Gallery - Multiple Vulnerabilities
Pigyard Art Gallery Multiple Remote Vulnerabilities Script Buy Now : http://www.pigyardgallery.com/howtobuy.php author: ZoRLu home: www.yildirimordulari.org contact: [email protected] note: don't add me on MSN and then talk nonsense like "no, I didn't add you, you added me", etc. If you have questions...
CVE-2007-6286
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to...
Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1
Luigi Auriemma Application: Ipswitch Instant Messaging http://www.ipswitch.com/products/instantmessaging Versions: <= 2.0.8.1 Platforms: Windows Bugs: (A) pre-auth NULL pointer crash in decryption function; (B) format string in logging; (C) arbitrary empty files creation Exploitation: remote A versus both...
DEBIAN-CVE-2008-0195
WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages...
Perforce revision control system DoS
HTTP request with empty body and non-zero Content-Length causes CPU exhaustion...
SuSE 10 Security Update : net-snmp (ZYPP Patch Number 4755)
This update of net-snmp fixes the following bugs: default and configurable maximum number of varbinds returnable to a GETBULK request (CVE-2007-5846); crash when smux peers were configured with empty passwords...
SuSE 10 Security Update : avahi (ZYPP Patch Number 3845)
Local attackers could send empty TXT data via D-BUS, causing the avahi daemon to exit. CVE-2007-3372 has been assigned to this issue...
CVE-2002-2325
The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field...