2192 matches found
CVE-2003-0190
OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...
Cerberus FTP Server 2.1 - Information Disclosure
Cerberus FTP Server 2.1 - Information Disclosure source: https://www.securityfocus.com/bid/7369/info It has been reported that Cerberus FTP Server is prone to an information disclosure weakness. The problem exists in the way the FTP server handles the authentication procedure. An attacker may...
Cerberus FTP Server 2.1 - Information Disclosure
source: https://www.securityfocus.com/bid/7369/info It has been reported that Cerberus FTP Server is prone to an information disclosure weakness. The problem exists in the way the FTP server handles the authentication procedure. An attacker may exploit a weakness in error handling to disclose val...
CVE-2002-1530
The administrative web interface STEMWADM for SurfControl SuperScout Email Filter allows users to obtain usernames and plaintext passwords via a request to the userlist.asp program, which includes the passwords in a user editing form...
Qpopper 34 - Username Information Disclosure
Qpopper 34 - Username Information Disclosure source: https://www.securityfocus.com/bid/7110/info An information disclosure weakness has been reported for Qpopper when authenticating. The weakness is due to the fact that if a valid username is sent with a bad password, Qpopper will wait a small...
Qpopper 3/4 - 'Username' Information Disclosure
source: https://www.securityfocus.com/bid/7110/info An information disclosure weakness has been reported for Qpopper when authenticating. The weakness is due to the fact that if a valid username is sent with a bad password, Qpopper will wait a small amount of time prior to disconnecting the clien...
CVE-2002-2335
Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php...
CVE-2002-2410
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information...
CVE-2002-1903
Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information...
DEBIAN-CVE-2002-1347
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via 1 long inputs during user name canonicalization, 2 characters that need to be escaped during LDAP authentication using saslauthd, or 3 an...
wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server
Westpoint Security Advisory Title: Multiple Vulnerabilities in SuperScout Web Reports Server Risk Rating: High Software: SurfControl SuperScout WebFilter Platforms: Win32 WinNT/ Win2k Vendor URL: www.surfcontrol.com Author: Matt Moore [email protected] Date: 1st October 2002 Advisory ID:...
Firewall-1 usernames detection
PKI aggressive mode replies are different for existing and non-existing usernames...
KaZaa v1.7.1 Denial of Service Attack
Submitted by : Josh [email protected], omega [email protected] on July 25th, 2002 Vulnerability : KaZaa Denial of Service Attack Tested On : KaZaa v1.7.1 Remote : Yes Fix : KaZaa v1.7.2 has been released and is a fix for the problem Big Thanks To : SooT for letting me crash your system a lot...
CVE-2002-0568
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting 1 XSQLConfig.xml or 2 soapConfig.xml through a virtual directory...
CVE-2002-0310
Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations 1 testweb/newstest, 2 alwn3845/imaptest, 3 alwi3845/wtest3452, or 4...
CVE-2002-0310
Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations 1 testweb/newstest, 2 alwn3845/imaptest, 3 alwi3845/wtest3452, or 4...
CVE-2002-0212
The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack...
CVE-2001-1338
Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system...
Nortel CVX 1800s will dump all local user names and passwords via SNMP
The Nortel CVX 1800 is a modem bank containing up to 2600 modems per box. Many ISP's are using them for their dial-up customers. While querying the CVX-1800 for SNMP codes to use in a modem statistics program I was writing, I discovered the CVX-1800 will spill out all user names and passwords in...
Buffer overflows in Sambar
Buffer overflows in long username and in few CGIs...