Lucene search
K

168 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Cerberus FTP Server 2.1 Information Disclosure Weakness

No description provided by source. source: http://www.securityfocus.com/bid/7369/info It has been reported that Cerberus FTP Server is prone to an information disclosure weakness. The problem exists in the way the FTP server handles the authentication procedure. An attacker may exploit a weakness...

7.1AI score
Exploits0
UbuntuCve
UbuntuCve
added 2013/10/25 11:55 p.m.34 views

CVE-2013-4434

Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames...

5CVSS5.9AI score0.05749EPSS
Exploits0References1
Prion
Prion
added 2013/10/25 11:55 p.m.27 views

Code injection

Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames...

5CVSS7AI score0.05749EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2013/09/24 10:35 a.m.18 views

Design/Logic Flaw

The Intelligent Platform Management Interface IPMI implementation in the Blade Management Controller in Cisco Unified Computing System UCS allows remote attackers to enumerate valid usernames by observing IPMI interface responses, aka Bug ID CSCtg20761...

5CVSS7.2AI score0.01652EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2013/04/15 12:0 a.m.29 views

CMSLogik 1.2.1 User Enumeration Weakness

!/usr/bin/python CMSLogik 1.2.1 user param User Enumeration Weakness Vendor: ThemeLogik Product web page: http://www.themelogik.com/cmslogik Affected version: 1.2.1 and 1.2.0 Summary: CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This...

0.2AI score
Exploits0
NVD
NVD
added 2012/12/05 5:55 p.m.26 views

CVE-2012-5055

DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of logi...

5CVSS6.7AI score0.01936EPSS
Exploits0References1
Cvelist
Cvelist
added 2012/12/05 5:0 p.m.26 views

CVE-2012-5055

DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of logi...

6.7AI score0.01936EPSS
Exploits0References1
Prion
Prion
added 2012/12/03 12:49 p.m.24 views

Buffer overflow

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames...

5CVSS6.7AI score0.14784EPSS
Exploits1References11Affected Software2
Gentoo Linux
Gentoo Linux
added 2012/06/24 12:0 a.m.105 views

Apache Tomcat: Multiple vulnerabilities

Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, ...

7.5CVSS6.6AI score0.9444EPSS
Exploits33
Tenable Nessus
Tenable Nessus
added 2011/12/01 12:0 a.m.372 views

SIP Username Enumeration

The SIP server on the remote host appears to respond differently to registration requests for valid and invalid usernames. Using that fact, Nessus was able to enumerate some of the valid usernames. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

5.5AI score
Exploits0References1
Metasploit
Metasploit
added 2011/08/15 5:56 a.m.540 views

Apache "mod_userdir" User Enumeration

Apache with the UserDir directive enabled generates different error codes when a username exists and there is no publichtml directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server. This module requires Metasploit:...

5CVSS0.1AI score0.65563EPSS
Exploits3
Debian CVE
Debian CVE
added 2009/11/10 6:0 p.m.47 views

CVE-2009-3727

Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error message...

5CVSS6.4AI score0.04201EPSS
Exploits0
Prion
Prion
added 2009/07/10 9:0 p.m.24 views

Cross site request forgery (csrf)

The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue,...

5CVSS7.1AI score0.05412EPSS
Exploits8References11Affected Software2
UbuntuCve
UbuntuCve
added 2009/07/10 9:0 p.m.36 views

CVE-2009-2336

The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue,...

5CVSS5.9AI score0.05412EPSS
Exploits8References1
NVD
NVD
added 2009/05/28 8:30 p.m.15 views

CVE-2009-1384

pamkrb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux RHEL 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...

5CVSS7.6AI score0.03326EPSS
Exploits0References12
NVD
NVD
added 2009/05/28 2:30 p.m.19 views

CVE-2009-1803

FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...

5CVSS6.7AI score0.01218EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2009/05/22 6:30 p.m.20 views

CVE-2009-1769

The web interface in Open Computer and Software Inventory Next Generation OCS Inventory NG 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames...

5CVSS5.9AI score0.01558EPSS
Exploits0References1
NVD
NVD
added 2008/11/17 11:30 p.m.26 views

CVE-2008-5112

The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind...

5CVSS6.5AI score0.19965EPSS
Exploits1References4
Cvelist
Cvelist
added 2008/11/17 11:0 p.m.26 views

CVE-2008-5112

The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind...

6.5AI score0.19965EPSS
Exploits1References4
NVD
NVD
added 2008/04/07 6:44 p.m.17 views

CVE-2008-1618

The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames...

5CVSS6.9AI score0.01738EPSS
Exploits1References7
Rows per page
Query Builder