4096 matches found
Foundry Networks ServerIron don't decode URIs
Date : 13/03/2002 . By : Frank DENIS [email protected] Vendor : Foundry Networks http://www.foundrynet.com . Product: ServerIron web switches. Summary: Vulnerability in URI parsing code allows to bypass rules. ------------------- DESCRIPTION ------------------- Foundry Networks' ServerIron Family...
CVE-1999-1359
When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies...
CVE-2001-1406
processbug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent...
Ошибки в Oracle 8i Enterprise Edition server
Ошибки в группах тестирования ошибок запросов LDAP - 46 или 77 приводят к ошибкам форматной строки или срыву стека в приложениях использующих эти группы...
LPRng 3.6.x - Failure To Drop Supplementary Groups
/ source: https://www.securityfocus.com/bid/2865/info The LPRng software is an enhanced, extended, and portable implementation of the Berkeley LPR print spooler functionality. When the LPRng daemon is initialized, it fails to drop its supplementary groups. As a result, the daemon and any child...
LPRng 3.6.x - Failure To Drop Supplementary Groups
LPRng 3.6.x - Failure To Drop Supplementary Groups / source: https://www.securityfocus.com/bid/2865/info The LPRng software is an enhanced, extended, and portable implementation of the Berkeley LPR print spooler functionality. When the LPRng daemon is initialized, it fails to drop its supplementa...
CVE-2001-0102
"Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and allows the Normal user to log in as the Owner account without a password...
CVE-1999-0603
In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc...
CVE-1999-1359
When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies...
MacOS_encryption.txt
Subject: MacOS system encryption algorithm To: [email protected] The encryption algorithm in MacOS system is simple and the password can be easily decoded. Password is stored in Users & Groups Data File in Preferences folder. Offset is different on each system and depends on Users & Group...
MacOS_encryption_algorithm.txt
Subject: MacOS system encryption algorithm 3 To: [email protected] Sometime ago, Dawid adix Adamski sent to bugtraq the encryption algorithm in MacOS personal AppleShare server he found. I have been researching a little on this subject, and I've found his code fails when decoding the firs...
CVE-1999-1543
MacOS uses weak encryption for passwords that are stored in the Users & Groups Data File...
Apple Mac OS 8 8.6 - Weak Password Encryption
source: https://www.securityfocus.com/bid/519/info The encryption algorithm in MacOS system is simple and the password can be easily decoded. Password is stored in Users & Groups Data File in Preferences folder. Offset is different on each system and depends on Users & Groups configuration, but i...
Apple Mac OS 8 8.6 - Weak Password Encryption
Apple Mac OS 8 8.6 - Weak Password Encryption source: https://www.securityfocus.com/bid/519/info The encryption algorithm in MacOS system is simple and the password can be easily decoded. Password is stored in Users & Groups Data File in Preferences folder. Offset is different on each system and...
CVE-2020-5220: Ability to define unintended serialisation groups via HTTP header which might lead to data exposure
Impact ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...
CVE-2020-5220: Ability to define unintended serialisation groups via HTTP header which might lead to data exposure
Impact ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...