Lucene search
K

366 matches found

securityvulns
securityvulns
added 2005/08/02 12:0 a.m.26 views

[SVadvisory] - SQL injection in OpenBook 1.2.2

SVadvisory12 Title: SQl injection Product: OpenBook Version: 1.2.2 Site: http://openbook.sourceforge.net/ Vulnerabilities Code: function authuser$userid, $password global $HTTPPOSTVARS; global $admintable; $userid=$HTTPPOSTVARS'userid'; $password=$HTTPPOSTVARS'password'; dbconnect; $query="SELECT...

0.2AI score
Exploits0
Cvelist
Cvelist
added 2005/04/21 4:0 a.m.26 views

CVE-2001-1475

SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key VK is generated...

6.9AI score0.01538EPSS
Exploits0References2
CVE
CVE
added 2005/04/21 4:0 a.m.53 views

CVE-2001-1475

SSH before 2.0, when using RC4 and password authentication, is vulnerable to replaying messages until a new server key is generated. The affected component is the SSH protocol implementation prior to 2.0, with the underlying issue arising from RC4-based session handling that allows remote attacke...

7.5CVSS7.3AI score0.01538EPSS
Exploits0References2Affected Software1
Ubuntu
Ubuntu
added 2004/11/30 8:29 p.m.76 views

USN-34-1: OpenSSH information leakage

@Mediaservice.net discovered two information leaks in the OpenSSH server. When using password authentication, an attacker could test whether a login name exists by measuring the time between failed login attempts, i. e. the time after which the "password:" prompt appears again. A similar issue...

5CVSS6.9AI score0.76751EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.22 views

Debian DSA-144-1 : wwwoffle - improper input handling

A problem with wwwoffle has been discovered. The web proxy didn't handle input data with negative Content-Length settings properly which causes the processing child to crash. It is at this time not obvious how this can lead to an exploitable vulnerability; however, it's better to be safe than...

7.5CVSS5.3AI score0.04052EPSS
Exploits0References2
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.18 views

CVE-2004-0044

Cisco Personal Assistant 1.41 and 1.42 disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username...

7.3AI score0.01684EPSS
Exploits0References4
CVE
CVE
added 2004/09/01 4:0 a.m.47 views

CVE-2004-0044

Cisco Personal Assistant 1.4(1) and 1.4(2) are affected. The issue arises when the product’s configuration uses the Corporate Directory settings tied to Cisco CallManager’s directory service and the setting “Allow Only Cisco CallManager Users” is enabled; this causes password authentication to be...

7.5CVSS7.7AI score0.01684EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.11 views

SQL Server Cleartext 'sa' Account 'admin' Password Authentication (deprecated)

Binary data 1125.prm...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.8 views

SQL Server Cleartext 'probe' Account 'probe' Password Authentication (deprecated)

Binary data 1128.prm...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.11 views

SQL Server Cleartext 'sa' Account 'password' Password Authentication (deprecated)

Binary data 1123.prm...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.13 views

SQL Server Cleartext 'sa' Account 'sql' Password Authentication (deprecated)

Binary data 1131.prm...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.11 views

SQL Server Cleartext 'admin' Account 'admin' Password Authentication (deprecated)

Binary data 1127.prm...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.9 views

SQL Server Cleartext 'admin' Account 'password' Password Authentication (deprecated)

Binary data 1132.prm...

7.3AI score
Exploits0
exploitpack
exploitpack
added 2004/07/15 12:0 a.m.12 views

MapInfo Discovery 1.01.1 - MapFrame.asp?mapname Cross-Site Scripting

MapInfo Discovery 1.01.1 - MapFrame.asp?mapname Cross-Site Scripting source: https://www.securityfocus.com/bid/10927/info Multiple remote vulnerabilities are reported in MapInfo Discovery. The first issue is reported to be an information disclosure vulnerability. An attacker may gain access to...

0.2AI score
Exploits0
CERT
CERT
added 2004/07/12 12:0 a.m.64 views

MySQL fails to properly evaluate zero-length strings in the check_scramble_323() function

Overview There is a vulnerability in the password authentication mechanism of MySQL which could allow an attacker to bypass authentication by supplying a zero-length string. Description MySQL is an open-source database system available for Microsoft Windows, Linux, and other UNIX-based operating...

10CVSS6.3AI score0.69647EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2004/03/14 12:0 a.m.13 views

F-Secure SSH Password Authentication Policy Evasion

According to its banner, the version of F-Secure SSH running on the remote host allows a user to log in using a password, even though the server policy disallows it. An attacker could exploit this flaw to run a dictionary attack against the SSH server. C Tenable Network Security, Inc...

5.5AI score
Exploits0
NVD
NVD
added 2004/02/03 5:0 a.m.16 views

CVE-2004-0044

Cisco Personal Assistant 1.41 and 1.42 disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username...

7.5CVSS7.3AI score0.01684EPSS
Exploits0References4
exploitpack
exploitpack
added 2003/08/09 12:0 a.m.19 views

MDaemon SMTP Server 5.0.5 - Null Password Authentication

MDaemon SMTP Server 5.0.5 - Null Password Authentication source: https://www.securityfocus.com/bid/8382/info A vulnerability has been reported to affect the MDaemon SMTP authentication handler. It has been reported that any valid username or account can be used in conjunction with a null password...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2003/08/09 12:0 a.m.29 views

MDaemon SMTP Server 5.0.5 - Null Password Authentication

source: https://www.securityfocus.com/bid/8382/info A vulnerability has been reported to affect the MDaemon SMTP authentication handler. It has been reported that any valid username or account can be used in conjunction with a null password, to access the MDaemon SMTP server. This issue may be...

7.4AI score
Exploits0
CERT
CERT
added 2003/06/06 12:0 a.m.47 views

Vulnerability in OpenSSH daemon (sshd)

Overview A vulnerability in the OpenSSH daemon sshd may give remote attackers a better chance of gaining access to restricted resources. Description OpenSSH is an implementation of the Secure Shell protocol. It is used to provide strong authentication and cryptographically secure communications...

7.5CVSS7.8AI score0.05766EPSS
Exploits1References5
Rows per page
Query Builder