366 matches found
[SVadvisory] - SQL injection in OpenBook 1.2.2
SVadvisory12 Title: SQl injection Product: OpenBook Version: 1.2.2 Site: http://openbook.sourceforge.net/ Vulnerabilities Code: function authuser$userid, $password global $HTTPPOSTVARS; global $admintable; $userid=$HTTPPOSTVARS'userid'; $password=$HTTPPOSTVARS'password'; dbconnect; $query="SELECT...
CVE-2001-1475
SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key VK is generated...
CVE-2001-1475
SSH before 2.0, when using RC4 and password authentication, is vulnerable to replaying messages until a new server key is generated. The affected component is the SSH protocol implementation prior to 2.0, with the underlying issue arising from RC4-based session handling that allows remote attacke...
USN-34-1: OpenSSH information leakage
@Mediaservice.net discovered two information leaks in the OpenSSH server. When using password authentication, an attacker could test whether a login name exists by measuring the time between failed login attempts, i. e. the time after which the "password:" prompt appears again. A similar issue...
Debian DSA-144-1 : wwwoffle - improper input handling
A problem with wwwoffle has been discovered. The web proxy didn't handle input data with negative Content-Length settings properly which causes the processing child to crash. It is at this time not obvious how this can lead to an exploitable vulnerability; however, it's better to be safe than...
CVE-2004-0044
Cisco Personal Assistant 1.41 and 1.42 disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username...
CVE-2004-0044
Cisco Personal Assistant 1.4(1) and 1.4(2) are affected. The issue arises when the product’s configuration uses the Corporate Directory settings tied to Cisco CallManager’s directory service and the setting “Allow Only Cisco CallManager Users” is enabled; this causes password authentication to be...
SQL Server Cleartext 'sa' Account 'admin' Password Authentication (deprecated)
Binary data 1125.prm...
SQL Server Cleartext 'probe' Account 'probe' Password Authentication (deprecated)
Binary data 1128.prm...
SQL Server Cleartext 'sa' Account 'password' Password Authentication (deprecated)
Binary data 1123.prm...
SQL Server Cleartext 'sa' Account 'sql' Password Authentication (deprecated)
Binary data 1131.prm...
SQL Server Cleartext 'admin' Account 'admin' Password Authentication (deprecated)
Binary data 1127.prm...
SQL Server Cleartext 'admin' Account 'password' Password Authentication (deprecated)
Binary data 1132.prm...
MapInfo Discovery 1.01.1 - MapFrame.asp?mapname Cross-Site Scripting
MapInfo Discovery 1.01.1 - MapFrame.asp?mapname Cross-Site Scripting source: https://www.securityfocus.com/bid/10927/info Multiple remote vulnerabilities are reported in MapInfo Discovery. The first issue is reported to be an information disclosure vulnerability. An attacker may gain access to...
MySQL fails to properly evaluate zero-length strings in the check_scramble_323() function
Overview There is a vulnerability in the password authentication mechanism of MySQL which could allow an attacker to bypass authentication by supplying a zero-length string. Description MySQL is an open-source database system available for Microsoft Windows, Linux, and other UNIX-based operating...
F-Secure SSH Password Authentication Policy Evasion
According to its banner, the version of F-Secure SSH running on the remote host allows a user to log in using a password, even though the server policy disallows it. An attacker could exploit this flaw to run a dictionary attack against the SSH server. C Tenable Network Security, Inc...
CVE-2004-0044
Cisco Personal Assistant 1.41 and 1.42 disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username...
MDaemon SMTP Server 5.0.5 - Null Password Authentication
MDaemon SMTP Server 5.0.5 - Null Password Authentication source: https://www.securityfocus.com/bid/8382/info A vulnerability has been reported to affect the MDaemon SMTP authentication handler. It has been reported that any valid username or account can be used in conjunction with a null password...
MDaemon SMTP Server 5.0.5 - Null Password Authentication
source: https://www.securityfocus.com/bid/8382/info A vulnerability has been reported to affect the MDaemon SMTP authentication handler. It has been reported that any valid username or account can be used in conjunction with a null password, to access the MDaemon SMTP server. This issue may be...
Vulnerability in OpenSSH daemon (sshd)
Overview A vulnerability in the OpenSSH daemon sshd may give remote attackers a better chance of gaining access to restricted resources. Description OpenSSH is an implementation of the Secure Shell protocol. It is used to provide strong authentication and cryptographically secure communications...