
560 matches found

Tenable Nessus
added 2014/10/12 12:0 a.m., 36 views

Amazon Linux AMI : pam (ALAS-2014-354)

Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty...

5.8 CVSS, 5.9 AI score, 0.04121 EPSS
Exploits 2, References 3
Prion
added 2014/10/10 1:55 a.m., 18 views

Unrestricted file upload

FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated...

5 CVSS, 7.2 AI score, 0.03002 EPSS
Exploits 2, References 6, Affected Software 1
Packet Storm
added 2014/09/23 12:0 a.m., 58 views

X2Engine 4.1.7 Unrestricted File Upload

X2Engine = 4.1.7 FileUploadsFilter.php Unrestricted File Upload Vulnerability - Software Link: http://www.x2engine.com/ - Affected...

5 CVSS, 0.03002 EPSS
Exploits 2
NVD
added 2014/05/08 2:29 p.m., 23 views

CVE-2013-7041

The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack...

4.3 CVSS, 6.3 AI score, 0.02484 EPSS
Exploits 0, References 9
OSV
added 2014/05/08 2:29 p.m., 2 views

DEBIAN-CVE-2013-7041

The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack...

4.3 CVSS, 6.9 AI score, 0.02484 EPSS
Exploits 0, References 1
OSV
added 2014/05/08 2:29 p.m., 8 views

CVE-2013-7041

The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack...

6.4 AI score
Exploits 0, References 9
Prion
added 2014/05/08 2:29 p.m., 23 views

Design/Logic Flaw

The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack...

4.3 CVSS, 6.9 AI score, 0.02484 EPSS
Exploits 0, References 9
UbuntuCve
added 2014/05/08 12:0 a.m., 29 views

CVE-2013-7041

The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack...

4.3 CVSS, 6.5 AI score, 0.02484 EPSS
Exploits 0, References 3
OSV
added 2014/05/08 12:0 a.m., 3 views

UBUNTU-CVE-2013-7041

The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack...

4.3 CVSS, 6.4 AI score, 0.02484 EPSS
Exploits 0, References 4
Metasploit
added 2013/12/26 12:1 p.m., 58 views

IBM Lotus Notes Sametime User Enumeration

This module extracts usernames using the IBM Lotus Notes Sametime web interface using either a dictionary attack which is preferred, or a bruteforce attack trying all usernames of MAXDEPTH length or less. This module requires Metasploit: https://metasploit.com/download Current source:...

5 CVSS, 7.1 AI score, 0.13151 EPSS
Exploits 2
Nmap
added 2013/08/18 1:42 a.m., 731 views

http-default-accounts NSE Script

Tests for access with default credentials used by a variety of web applications and devices. It works similar to http-enum, we detect applications by matching known paths and launching a login routine using default credentials when found. This script depends on a fingerprint file containing the...

10 CVSS, 9.5 AI score, 0.99448 EPSS
Exploits 33
Oracle linux
added 2013/02/27 12:0 a.m., 40 views

ipa security, bug fix and enhancement update

3.0.0-25.el6 - Filter generated winbind dependencies so the right version of samba can be installed. 905594 3.0.0-24.el6 - Add certmonger condrestart to server post scriptlet 903758 - Make certmonger a pre Requires 903758 - Add selinux-policy to Requirespre to avoid post scriptlet AVCs 903758 - S...

7.9 CVSS, 9.1 AI score, 0.01838 EPSS
Exploits 0
Prion
added 2010/09/21 8:0 p.m., 23 views

Design/Logic Flaw

The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar...

5.5 CVSS, 6.7 AI score, 0.0159 EPSS
Exploits 0, References 5, Affected Software 1
ATTACKERKB
added 2009/06/22 7:30 p.m., 3 views

CVE-2009-2161

Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter, in conjunction with a modified component name...

5.1 CVSS, 5.7 AI score, 0.02427 EPSS
Exploits 1, References 7
Tenable Nessus
added 2008/10/07 12:0 a.m., 35 views

Debian DSA-1645-1 : lighttpd - various

Several local/remote vulnerabilities have been discovered in lighttpd, a fast webserver with minimal memory footprint. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2008-4298 A memory leak in the http_request_parse function could be used by remote...

7.5 CVSS, 7.2 AI score, 0.04345 EPSS
Exploits 2, References 7
Debian
added 2008/10/06 5:29 p.m., 28 views

[SECURITY] [DSA-1645-1] New lighttpd packages fix various problems

Debian Security Advisory DSA-1645-1 [email protected] http://www.debian.org/security/ Steve Kemp October 06, 2008 http://www.debian.org/security/faq...

7.5 CVSS, 6.9 AI score, 0.04345 EPSS
Exploits 2
OSV
added 2008/10/06 12:0 a.m., 36 views

DSA-1645-1 lighttpd - various problems

Bulletin has no description...

7.5 CVSS, 7.4 AI score, 0.04345 EPSS
Exploits 2
securityvulns
added 2008/10/06 12:0 a.m., 68 views

[SECURITY] [DSA-1645-1] New lighttpd packages fix various problems

Debian Security Advisory DSA-1645-1 [email protected] http://www.debian.org/security/ Steve Kemp October 06, 2008 http://www.debian.org/security/faq...

7.8 CVSS, 0.04345 EPSS
Exploits 2
OSV
added 2008/10/03 5:41 p.m., 8 views

CVE-2008-4360

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a...

6.5 AI score
Exploits 0, References 30
OSV
added 2008/10/03 5:41 p.m., 4 views

DEBIAN-CVE-2008-4360

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a...

7.5 CVSS, 7 AI score, 0.04345 EPSS
Exploits 1, References 1