Lucene search
+L

2192 matches found

cvelist
cvelist
added 2003/05/02 12:0 a.m.28 views

CVE-2003-0190

OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...

9.2AI score0.76751EPSS
Exploits10References10
exploitpack
exploitpack
added 2003/04/16 12:0 a.m.16 views

Cerberus FTP Server 2.1 - Information Disclosure

Cerberus FTP Server 2.1 - Information Disclosure source: https://www.securityfocus.com/bid/7369/info It has been reported that Cerberus FTP Server is prone to an information disclosure weakness. The problem exists in the way the FTP server handles the authentication procedure. An attacker may...

7.2AI score
Exploits0
exploitdb
exploitdb
added 2003/04/16 12:0 a.m.23 views

Cerberus FTP Server 2.1 - Information Disclosure

source: https://www.securityfocus.com/bid/7369/info It has been reported that Cerberus FTP Server is prone to an information disclosure weakness. The problem exists in the way the FTP server handles the authentication procedure. An attacker may exploit a weakness in error handling to disclose val...

7.4AI score
Exploits0
nvd
nvd
added 2003/03/31 5:0 a.m.15 views

CVE-2002-1530

The administrative web interface STEMWADM for SurfControl SuperScout Email Filter allows users to obtain usernames and plaintext passwords via a request to the userlist.asp program, which includes the passwords in a user editing form...

5CVSS6.4AI score0.05888EPSS
Exploits1References3
exploitpack
exploitpack
added 2003/03/11 12:0 a.m.18 views

Qpopper 34 - Username Information Disclosure

Qpopper 34 - Username Information Disclosure source: https://www.securityfocus.com/bid/7110/info An information disclosure weakness has been reported for Qpopper when authenticating. The weakness is due to the fact that if a valid username is sent with a bad password, Qpopper will wait a small...

7.2AI score
Exploits0
exploitdb
exploitdb
added 2003/03/11 12:0 a.m.29 views

Qpopper 3/4 - 'Username' Information Disclosure

source: https://www.securityfocus.com/bid/7110/info An information disclosure weakness has been reported for Qpopper when authenticating. The weakness is due to the fact that if a valid username is sent with a bad password, Qpopper will wait a small amount of time prior to disconnecting the clien...

7.4AI score
Exploits0
nvd
nvd
added 2002/12/31 5:0 a.m.14 views

CVE-2002-2335

Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php...

5CVSS6.6AI score0.02661EPSS
Exploits0References3
nvd
nvd
added 2002/12/31 5:0 a.m.11 views

CVE-2002-2410

openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information...

5CVSS6.3AI score0.01309EPSS
Exploits1References3
nvd
nvd
added 2002/12/31 5:0 a.m.16 views

CVE-2002-1903

Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information...

5CVSS6.5AI score0.01448EPSS
Exploits0References3
osv
osv
added 2002/12/18 5:0 a.m.9 views

DEBIAN-CVE-2002-1347

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via 1 long inputs during user name canonicalization, 2 characters that need to be escaped during LDAP authentication using saslauthd, or 3 an...

9.8CVSS7.9AI score0.07078EPSS
Exploits0References1
securityvulns
securityvulns
added 2002/10/03 12:0 a.m.38 views

wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server

Westpoint Security Advisory Title: Multiple Vulnerabilities in SuperScout Web Reports Server Risk Rating: High Software: SurfControl SuperScout WebFilter Platforms: Win32 WinNT/ Win2k Vendor URL: www.surfcontrol.com Author: Matt Moore [email protected] Date: 1st October 2002 Advisory ID:...

7.5CVSS0.2AI score0.03489EPSS
Exploits0
securityvulns
securityvulns
added 2002/09/04 12:0 a.m.40 views

Firewall-1 usernames detection

PKI aggressive mode replies are different for existing and non-existing usernames...

2AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2002/07/26 12:0 a.m.21 views

KaZaa v1.7.1 Denial of Service Attack

Submitted by : Josh [email protected], omega [email protected] on July 25th, 2002 Vulnerability : KaZaa Denial of Service Attack Tested On : KaZaa v1.7.1 Remote : Yes Fix : KaZaa v1.7.2 has been released and is a fix for the problem Big Thanks To : SooT for letting me crash your system a lot...

0.2AI score
Exploits0
cvelist
cvelist
added 2002/06/11 4:0 a.m.31 views

CVE-2002-0568

Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting 1 XSQLConfig.xml or 2 soapConfig.xml through a virtual directory...

8.4AI score0.75176EPSS
Exploits0References5
nvd
nvd
added 2002/05/31 4:0 a.m.16 views

CVE-2002-0310

Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations 1 testweb/newstest, 2 alwn3845/imaptest, 3 alwi3845/wtest3452, or 4...

7.5CVSS7AI score0.01571EPSS
Exploits0References3
cvelist
cvelist
added 2002/05/03 4:0 a.m.19 views

CVE-2002-0310

Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations 1 testweb/newstest, 2 alwn3845/imaptest, 3 alwi3845/wtest3452, or 4...

7AI score0.01571EPSS
Exploits0References3
cvelist
cvelist
added 2002/05/03 4:0 a.m.18 views

CVE-2002-0212

The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack...

6.7AI score0.01588EPSS
Exploits0References4
cvelist
cvelist
added 2002/05/03 4:0 a.m.20 views

CVE-2001-1338

Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system...

6.7AI score0.01979EPSS
Exploits0References5
securityvulns
securityvulns
added 2002/04/16 12:0 a.m.66 views

Nortel CVX 1800s will dump all local user names and passwords via SNMP

The Nortel CVX 1800 is a modem bank containing up to 2600 modems per box. Many ISP's are using them for their dial-up customers. While querying the CVX-1800 for SNMP codes to use in a modem statistics program I was writing, I discovered the CVX-1800 will spill out all user names and passwords in...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2002/04/02 12:0 a.m.48 views

Buffer overflows in Sambar

Buffer overflows in long username and in few CGIs...

3.8AI score
Exploits0References2Affected Software1
Rows per page
Query Builder