1741 matches found
CVE-2004-2150
Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and invalid account names, which allows remote attackers to determine valid account names...
CVE-2005-1650
The web mail service in Woppoware PostMaster 4.2.2 build 3.2.5 generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames...
CVE-2005-1650
The web mail service in Woppoware PostMaster 4.2.2 build 3.2.5 generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames...
CVE-2005-1600
A "mathematical flaw" in the implementation of the El Gamal signature algorithm for LibTomCrypt 1.0 to 1.0.2 allows attackers to generate valid signatures without having the private key...
CVE-2005-0157
The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned...
GLSA-200504-06 : sharutils: Insecure temporary file creation
The remote host is affected by the vulnerability described in GLSA-200504-06 sharutils: Insecure temporary file creation Joey Hess has discovered that the program unshar, which is a part of sharutils, creates temporary files in a world-writable directory with predictable names. Impact : A local...
[ISR] - Novell iChain Mini FTP Server Valid User Disclosure Vulnerability
|| || ISR || Infobyte Security Research || www.infobyte.com.ar || 03.15.2005 || .:: SUMMARY Novell iChain Mini FTP Server Valid User Disclosure Vulnerability Version: IChain Version v2.3, It is suspected that all previous versions of IChan are vulnerable. .:: BACKGROUND The Novell iChain product...
CVE-2004-1602
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response...
CVE-2004-1428
ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames...
Vulnerability in core server (CVE-2005-0244)
EXECUTE permissions are not properly checked when creating aggregates. A valid login is required to exploit this vulnerability...
Vulnerability in contrib module (CVE-2005-0246)
The intagg contrib module allows attackers to cause a denial of service. A valid login is required to exploit this vulnerability...
PT-2005-1326 · Postgresql +1 · Postgresql +1
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 8.0.0 and earlier Description: The issue allows attackers to cause a denial of service, resulting in a crash, by utilizing crafted arrays. A valid login is required to exploit this issue. Recommendations: For versions 8.0....
Vulnerability in core server (CVE-2005-0227)
Any database user is permitted to load arbitrary shared libraries using the LOAD command. A valid login is required to exploit this vulnerability...
ArGoSoft FTP Server reveals valid usernames and allows for brute force attacks
Vendor: ArGoSoft Date: December 31, 2004 Issue: ArGoSoft FTP Server reveals valid usernames and allows for brute force attacks URL: http://www.argosoft.com/ftpserver/ Advisory: http://www.lovebug.org/argosoftadvisory.txt Program Overview: ArGoSoft FTP Server is a lightweight FTP Server for...
CVE-2004-1428
ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames...
CVE-2004-2150
Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and invalid account names, which allows remote attackers to determine valid account names...
Samba smbd Security Descriptor Parsing Remote Overflow
The remote Samba server, according to its version number, is vulnerable to a remote buffer overrun resulting from an integer overflow vulnerability. To exploit this flaw, an attacker would need to send to the remote host a malformed packet containing hundreds of thousands of ACLs, which would in...
[Full-Disclosure] sacred (pcgame) server flaw
Program: Sacred pc game http://sacred-game.com type: simple DoS, no client-auth affected version: 1.0.6.2 note: -fixed in later versions 1.0.7.0 dated:31.08.2004 -this security-lag exits for nearly half a year. although ascaron was informed at the date of release 02.03.2004, nothing happens long...
IPSwitch IMail 8.13 - 'DELETE' Remote Stack Overflow
!/usr/bin/perl -w IPSwitch-IMail-8.13-DELETE Discovered by : Muts Coded by : Zatlander WWW.WHITEHAT.CO.IL Plain vanilla stack overflow in the DELETE command Restrictions: - Need valid authentication credentials - Input buffer only allows characters between x20 - x7e Credits: -...
IPSwitch IMail 8.13 (DELETE) Remote Stack Overflow Exploit
No description provided by source. !/usr/bin/perl -w IPSwitch-IMail-8.13-DELETE Discovered by : Muts Coded by : Zatlander WWW.WHITEHAT.CO.IL Plain vanilla stack overflow in the DELETE command Restrictions: - Need valid authentication credentials - Input buffer only allows characters between x20 -...