16 matches found
CVE-2026-47783
In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by saslserveruserdbcheckpass...
CVE-2018-25165
Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. Attackers can send POST requests to ads.php with crafted SQL payloads in the type parameter to extract...
Nmap NSE 6.01: ftp-brute
Performs brute force password auditing against FTP servers. This uses the standard unpwdb username/password list. However, in tests FTP servers are significantly slower than other servers when responding, so the number of usernames/passwords can be artificially limited using script arguments...
Nmap NSE 6.01: pop3-brute
Tries to log into a POP3 account by guessing usernames and passwords. SYNTAX: userdb: The filename of an alternate username database. pop3loginmethod: The login method to use: ''USER'' default, ''SASL-PLAIN'', ''SASL-LOGIN'', ''SASL-CRAM-MD5'', or ''APOP''. unpwdb.passlimit: The maximum number of...
Nmap NSE 6.01: telnet-brute
Tries to get Telnet login credentials by guessing usernames and passwords. SYNTAX: userdb: The filename of an alternate username database. unpwdb.passlimit: The maximum number of passwords 'passwords' will return default unlimited. passdb: The filename of an alternate password database...
Nmap NSE 6.01: smb-brute
Attempts to guess username/password combinations over SMB, storing discovered combinations for use in other scripts. Every attempt will be made to get a valid list of users and to verify each username before actually using them. When a username is discovered, besides being printed, it is also sav...
Nmap NSE 6.01: snmp-brute
Attempts to find an SNMP community string by brute force guessing. This script opens a sending socket and a sniffing pcap socket in parallel threads. The sending socket sends the SNMP probes with the community strings, while the pcap socket sniffs the network for an answer to the probes. If valid...
Nmap NSE net: ms-sql-brute
Performs password guessing against Microsoft SQL Server ms-sql. SYNTAX: userdb: The filename of an alternate username database. passdb: The filename of an alternate password database. mssql.timeout: How long to wait for SQL responses. This is a number followed by 'ms' for milliseconds, 's' for...
Nmap NSE net: drda-brute
Performs password guessing against databases supporting the IBM DB2 protocol such as Informix, DB2 and Derby SYNTAX: userdb: The filename of an alternate username database. drda-brute.threads: the amount of accounts to attempt to brute force in parallel default 10. unpwdb.userlimit: The maximum...
Nmap NSE net: pop3-brute
Tries to log into a POP3 account by guessing usernames and passwords. SYNTAX: userdb: The filename of an alternate username database. pop3loginmethod: The login method to use: ''USER'' default, ''SASL-PLAIN'', ''SASL-LOGIN'', ''SASL-CRAM-MD5'', or ''APOP''. unpwdb.passlimit: The maximum number of...
Nmap NSE net: netbus-brute
Performs brute force password auditing against the Netbus backdoor 'remote administration' service. SYNTAX: userdb: The filename of an alternate username database. unpwdb.passlimit: The maximum number of passwords 'passwords' will return default unlimited. passdb: The filename of an alternate...
Nmap NSE net: mysql-brute
Performs password guessing against MySQL SYNTAX: userdb: The filename of an alternate username database. unpwdb.passlimit: The maximum number of passwords 'passwords' will return default unlimited. passdb: The filename of an alternate password database. unpwdb.userlimit: The maximum number of...
Nmap NSE net: telnet-brute
Tries to get Telnet login credentials by guessing usernames and passwords. SYNTAX: userdb: The filename of an alternate username database. unpwdb.passlimit: The maximum number of passwords 'passwords' will return default unlimited. passdb: The filename of an alternate password database...
Nmap NSE net: domino-enum-users
Attempts to discover valid IBM Lotus Domino users and download their ID files by exploiting the CVE-2006-5835 vulnerability. SYNTAX: userdb: The filename of an alternate username database. domino-id.username: the name of the user from which to retrieve the ID. If this parameter is not specified,...
Nmap NSE net: ldap-brute
Attempts to brute-force LDAP authentication. By default it uses the built-in username and password lists. In order to use your own lists use the 'userdb' and 'passdb' script arguments. This script does not make any attempt to prevent account lockout! If the number of passwords in the dictionary...
Nmap NSE net: ftp-brute
Tries to get FTP login credentials by guessing usernames and passwords. This uses the standard unpwdb username/password list. However, in tests FTP servers are significantly slower than other servers when responding, so the number of usernames/passwords can be artificially limited using script...