
1741 matches found

securityvulns
added 2006/12/15 12:0 a.m. · 46 views

Project Server 2003 - Credential Disclosure

Microsoft Project Server 2003 implements a thick client for some of the functionality. The...

0.4 AI score
Exploits 0
NVD
added 2006/11/30 4:28 p.m. · 22 views

CVE-2006-4403

The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames...

4 CVSS · 6.2 AI score · 0.03618 EPSS
Exploits 2 · References 10
PostgreSQL
added 2006/10/26 5:0 p.m. · 74 views

Vulnerability in core server (CVE-2006-5541)

A bug in the coercion of unknown literals to ANYARRAY can cause a denial of service. A valid login is required to exploit this vulnerability...

4 CVSS · 5.9 AI score · 0.01689 EPSS
Exploits 0 · Affected Software 1
PostgreSQL
added 2006/10/26 5:0 p.m. · 64 views

Vulnerability in core server (CVE-2006-5542)

A bug in the logging of V3 protocol messages can cause a denial of service. A valid login is required to exploit this vulnerability...

4 CVSS · 5.9 AI score · 0.02102 EPSS
Exploits 0 · Affected Software 1
PostgreSQL
added 2006/10/26 5:0 p.m. · 64 views

Vulnerability in core server (CVE-2006-5540)

A bug in the handling of aggregates in UPDATE can cause a denial of service. A valid login is required to exploit this vulnerability...

4 CVSS · 5.8 AI score · 0.02102 EPSS
Exploits 0 · Affected Software 1
UbuntuCve
added 2006/10/10 11:7 p.m. · 33 views

CVE-2006-5229

OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime...

2.6 CVSS · 6.3 AI score · 0.56627 EPSS
Exploits 9 · References 1
seebug.org
added 2006/10/10 12:0 a.m. · 50 views

Flatnuke 2.5.8 (userlang) Local Inclusion / Delete All Users Exploit

No description provided by source. #!/usr/bin/php -q -d short_open_tag=on <? print_r(' Flatnuke 2.5.8 "userlang" arbitrary local inclusion/delete all users exploit by rgod site: http://retrogod.altervista.o...

7.1 AI score
Exploits 0
Positive Technologies
added 2006/08/26 12:0 a.m. · 3 views

PT-2006-5180 · Mambo · Contacts Xtd +1

Name of the Vulnerable Software and Affected Versions: Mambo component com_contxtd (affected versions not specified). Description: A remote file inclusion issue in the Contacts XTD (ContXTD) component for Mambo allows remote attackers to potentially execute arbitrary PHP code via a URL in the mosConfi...

7.5 CVSS · 7.9 AI score · 0.01402 EPSS
Exploits 0 · References 5
Packet Storm
added 2006/08/03 12:0 a.m. · 36 views

colophon.txt

REMOTE COMMAND Mambo Colophon =1.2 by Drago84. Found By Drago84, Exclusive Security, Italian Security. This bug allows a remote attacker to execute commands via rfi. page: admin.colophon.php bug: require_once("$mosConfig_absolute_path/components/com_colophon/language/$mosConfig_lang.php"); path: add in...

7.4 AI score
Exploits 0
NVD
added 2006/04/06 10:4 a.m. · 15 views

CVE-2006-1644

login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

5 CVSS · 6.4 AI score · 0.00404 EPSS
Exploits 0 · References 4
Prion
added 2006/04/06 10:4 a.m. · 16 views

Information disclosure

login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

5 CVSS · 7 AI score · 0.00404 EPSS
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2006/04/06 10:0 a.m. · 21 views

CVE-2006-1644

login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

6.4 AI score · 0.00404 EPSS
Exploits 0 · References 4
PostgreSQL
added 2006/02/14 7:0 p.m. · 57 views

Vulnerability in core server (CVE-2006-0678)

A bug in the handling of SET SESSION AUTHORIZATION can cause a backend crash in Assert-enabled builds. This will cause the postmaster to restart all backends, resulting in a denial of service. A valid login is required to exploit this vulnerability...

1.5 CVSS · 5.9 AI score · 0.00089 EPSS
Exploits 0 · Affected Software 1
NVD
added 2006/02/13 11:6 a.m. · 12 views

CVE-2006-0599

The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames...

5 CVSS · 6.5 AI score · 0.00647 EPSS
Exploits 0 · References 6
Cvelist
added 2006/02/13 11:0 a.m. · 18 views

CVE-2006-0599

The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames...

6.4 AI score · 0.00647 EPSS
Exploits 0 · References 6
Debian CVE
added 2006/02/13 11:0 a.m. · 19 views

CVE-2006-0599

Removed by vendor...

5 CVSS · 6.7 AI score · 0.00647 EPSS
Exploits 0
NVD
added 2005/11/03 2:2 a.m. · 10 views

CVE-2005-3480

login.asp in Ringtail CaseBook 6.1.0 displays different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames...

5 CVSS · 6.6 AI score · 0.00424 EPSS
Exploits 0 · References 3
OpenVAS
added 2005/11/03 12:0 a.m. · 23 views

Outlook Web anonymous access

It is possible to browse the information of the OWA server by accessing as an anonymous user with the following URL: http://www.example.com/exchange/root.asp?acs=anon After this access, the anonymous user can search for valid users in the OWA server and can enumerate all users by accessing the...

5 CVSS · 6.1 AI score · 0.1955 EPSS
Exploits 0
securityvulns
added 2005/09/13 12:0 a.m. · 20 views

pam_per_user authentication module privilege escalation

Having valid credentials on the system, it's possible to login with any account...

4.6 AI score
Exploits 0 · References 1
Cvelist
added 2005/08/17 4:0 a.m. · 18 views

CVE-2005-2591

Parlano MindAlign 5.0 and later versions allows remote attackers to list valid users via unknown vectors, aka the "User Enumeration" vulnerability...

6.7 AI score · 0.00524 EPSS
Exploits 0 · References 5