CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information...

5CVSS6.7AI score0.00419EPSS

Exploits1References1

Prion•added 2022/12/26 8:15 p.m.•13 views

Code injection

In Pilz PMC programming tool 3.x before 3.5.17 based on CODESYS Development System, an attacker can identify valid usernames...

5CVSS5.4AI score0.00159EPSS

Exploits0References1Affected Software1

CNVD•added 2022/06/28 12:0 a.m.•23 views

MELAG FTP Server User Enumeration Vulnerability

MELAG FTP Server is an FTP server from the German company MELAG. version 2.2.0.4 of MELAG FTP Server is vulnerable to a user enumeration vulnerability, which stems from the fact that the program presents different responses to users and non-users, and can be exploited by attackers to identify...

5.3CVSS3.5AI score0.00232EPSS

Exploits1References1

Packet Storm•added 2011/05/01 12:0 a.m.•29 views

Asterisk 1.8.x SIP User Enumeration

Asterisk, sip response permit username identification through use INVITE Author: francesco.tornieri "At" verona-wireless.net Summary: Sip responses permit user identification Release Date: 01/05/2011 Criticality level: Low Impact: Information leak Software: Asterisk 1.8.x tested 1.8.3.2...

7.4AI score

Exploits0

CVE•added 2005/07/14 4:0 a.m.•42 views

CVE-2000-1237

The CVE-2000-1237 entry concerns the POP3 server in FTGate. The vulnerability arises because the server returns an -ERR response after receiving an invalid USER command, which can be used by a remote attacker to enumerate valid usernames and facilitate brute-force password guessing. Affected comp...

5CVSS7.4AI score0.00346EPSS

Exploits0References2Affected Software1

CVE•added 2005/02/20 5:0 a.m.•71 views

CVE-2004-1602

ProFTPD 1.2.x (including 1.2.8 and 1.2.10) is vulnerable to username enumeration via timing differences in responses, enabling remote attackers to identify valid usernames. Root cause: timing-based information disclosure in login handling. Affected products: ProFTPD before 1.2.11. Impact: partial...

5CVSS6.7AI score0.00776EPSS

Exploits1References5Affected Software1

CVE•added 2004/01/14 5:0 a.m.•61 views

CVE-2004-0042

CVE-2004-0042 concerns vsftpd 1.1.3, where the login error messages differ based on whether a supplied username exists. The underlying effect is information disclosure: remote attackers can determine valid usernames on the server. The available connected sources corroborate the version (vsftpd 1....

5CVSS6.7AI score0.00497EPSS

Exploits0References1Affected Software1

Cvelist•added 2001/01/22 5:0 a.m.•16 views

CVE-2000-1032

The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall...

6.9AI score0.0118EPSS

Exploits1References4

NVD•added 2000/12/19 5:0 a.m.•17 views

CVE-2000-0938

Samba Web Administration Tool SWAT in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server...

5CVSS6.6AI score0.00669EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by