Lucene search
+L

2133 matches found

cert
cert
added 2001/10/26 12:0 a.m.28 views

Air Messenger LAN Server (AMLServer) stores usernames and passwords in plaintext

Overview Air Messenger LAN Server AMLServer stores usernames and passwords in plaintext. Description AMLServer for windows is a paging gateway that allows users on a TCP/IP LAN to communicate with mobile devices such as phones and pagers. Access to AMLServer's services is protected by a user...

5CVSS6.6AI score0.01096EPSS
Exploits0References1
exploitpack
exploitpack
added 2001/10/13 12:0 a.m.20 views

PostNuke 0.6 - User Login

PostNuke 0.6 - User Login source: https://www.securityfocus.com/bid/3435/info PostNuke, successor to PHPNuke, is a content management system written in PHP. PostNuke versions 0.62 to 0.64 suffer from a vulnerability that allows a remote user to log-in as any user with known username and ID withou...

7.4AI score
Exploits0
cve
cve
added 2001/09/12 4:0 a.m.47 views

CVE-1999-1133

CVE-1999-1133 affects HP-UX 9.x and 10.x running X Windows. Local attackers can gain privileges via the unauthenticated components vuefile, vuepad, dtfile, or dtpad. The provided sources describe the vulnerable components and the privilege escalation vector but do not specify a patch or remediati...

4.6CVSS7.5AI score0.00471EPSS
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2001/07/06 12:0 a.m.48 views

ISS Security Advisory: Remote Buffer Overflow in Multiple RADIUS Implementations

Internet Security Systems Security Advisory July 5, 2001 Remote Buffer Overflow in Multiple RADIUS Implementations Synopsis: ISS X-Force has discovered buffer overflow vulnerabilities in two popular Remote Authentication Dial-In User Server RADIUS implementations. RADIUS was originally designed t...

10CVSS0.4AI score0.0666EPSS
Exploits0
securityvulns
securityvulns
added 2001/06/28 12:0 a.m.49 views

Несанкционированный доступ через HTTP в Cisco (unauthorized access).

Можно обойти проверку имени/пароля пользователя...

1AI score
Exploits0References1Affected Software1
exploitpack
exploitpack
added 2001/06/12 12:0 a.m.12 views

Rumpus FTP Server 1.3.x2.0.3 - Stack Overflow Denial of Service

Rumpus FTP Server 1.3.x2.0.3 - Stack Overflow Denial of Service source: https://www.securityfocus.com/bid/2864/info Rumpus FTP Server is an implementation for MacOS which allows file-sharing across TCP/IP connections. Rumpus FTP is prone to a denial of service. An ftp user can engage the attack b...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2001/02/23 12:0 a.m.26 views

More on Ultimate Bullering Board

In response to Scott Ashman's post about UBB. After i discovered this bug last week i tried to contact infopop on 3 email adresses from their contact page i finally managed to find one that didn't bounce, but i haven't recieved any response yet. Anyway, Scott describes a way to retrieve other...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2001/02/20 12:0 a.m.34 views

Adcycle 0.78b Authentication

|---------------------------------------------------------------------------------| / Product: Adcycle Banner Rotation. Vendor URL: www.adcycle.com / Tested on: v0.77 - 0.78b Freeware Linux Vendor Contact: Mailed on 15th January i think Twice with NO reply / Other: Commericial version NOT tested...

8.5AI score
Exploits0
exploitpack
exploitpack
added 2001/01/10 12:0 a.m.25 views

WebMaster ConferenceRoom 1.8 Developer Edition - Denial of Service

WebMaster ConferenceRoom 1.8 Developer Edition - Denial of Service source: https://www.securityfocus.com/bid/2178/info WebMaster ConferenceRoom Developer Edition is a chat package which enables a large community of users to chat together. ConferenceRoom has a wide range of capabilities and a user...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2000/11/20 12:0 a.m.49 views

Decrypting passwords for SmartServer 3

Product: Smart Server 3 by NetCPlus Version: 3.75 others? OS: Windows NT/2000/9x Description: SmartServer3 SS3 is a small business email server from NetCPlus. It installs by default in C:Program Filessmartserver3 . In this folder it stores a configuration file called 'dialsrv.ini' . This file is...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2000/10/30 12:0 a.m.99 views

Brute Forcing FTP Servers with enabled anti-hammering (anti brute-force) modus

Brute Forcing FTP Servers with enabled anti-hammering ant brute-force modus ----------------------------------------------------------------------------- While playing around with Serv-U FTP Server, I found out that it is possible to bypass it's hammering protection which should protect accounts...

7AI score
Exploits0
cve
cve
added 2000/10/13 4:0 a.m.50 views

CVE-2000-0627

BlackBoard CourseInfo 4.0 is affected by an authentication flaw that allows local users to modify CourseInfo database information and gain privileges by directly calling supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl. The provided documents do not include remediati...

7.5CVSS6.6AI score0.01472EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2000/10/13 4:0 a.m.29 views

CVE-2000-0627

BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as userupdatepasswd.pl and userupdateadmin.pl...

6.2AI score0.01472EPSS
Exploits1References4
exploitpack
exploitpack
added 2000/08/22 12:0 a.m.15 views

Darxite 0.4 - Login Buffer Overflow

Darxite 0.4 - Login Buffer Overflow // source: https://www.securityfocus.com/bid/1598/info Darxite 0.4 does not do proper bounds checking on user-supplied data during the login process, relying on sprintf to deliver the data into a 256 character buffer. Therefore, it is possible for an attacker t...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2000/08/17 12:0 a.m.22 views

Проблема в Firewall-1 Session Agent

При авторизации отдельно проверяется имя пользователя и пароль, кроме того не установлено максимальное число попыток...

0.5AI score
Exploits0References1Affected Software1
nvd
nvd
added 2000/08/03 4:0 a.m.14 views

CVE-2000-0278

The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user...

5CVSS6.7AI score0.05253EPSS
Exploits1References2
exploitpack
exploitpack
added 2000/07/21 12:0 a.m.21 views

WFTPD 2.4.1RC11 - STATLIST Denial of Service

WFTPD 2.4.1RC11 - STATLIST Denial of Service source: https://www.securityfocus.com/bid/1506/info WFTPD versions prior to 2.4.1RC11 suffer from a number of vulnerabilities. 1 Issuing a STAT command while a LIST is in progress will cause the ftp server to crash. 2 If the REST command is used to wri...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2000/07/19 12:0 a.m.38 views

Blackboard Courseinfo v4.0 User Authentication

Apparently Courseinfo or at least the implementation I was playing with has no user authentication, meaning that anyone can force feed their own form values and Perl with merrily modify the database. So for instance running: all form input is in caps for readability...

7AI score
Exploits0
securityvulns
securityvulns
added 2000/05/16 12:0 a.m.45 views

Дыра в AllManage

Возможно обойти авторизацию пользователя, получить доступ к административному паролю и конфигурационным файлам...

0.4AI score
Exploits0References2Affected Software1
cve
cve
added 2000/04/12 4:0 a.m.62 views

CVE-2000-0244

The CVE-2000-0244 entry concerns the Citrix ICA (Independent Computing Architecture) protocol, which uses weak encryption (XOR) for user authentication. According to the provided data, the vulnerability has a CVSS v2 base score of 10.0 (HIGH) with network attack vector, no authentication required...

10CVSS7AI score0.02326EPSS
Exploits1References2Affected Software2
Rows per page
Query Builder