1741 matches found
CVE-2003-0512
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge...
ezbounce 1.0/1.5 - Format String
// source: https://www.securityfocus.com/bid/8071/info It has been reported that ezbounce is affected by a format string vulnerability. The condition is present in the file "ezbounce/commands.cpp" and can be triggered when session support is enabled. To exploit this vulnerability, the attacker mu...
CVE-2003-0402
The default login template /vgn/login in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks...
Kerio MailServer 5.6.3 - Remote Buffer Overflow
Kerio MailServer 5.6.3 - Remote Buffer Overflow / Remote Buffer Overflow Exploit for Kerio MailServer 5.6.3 / / ========================================= / / By B-r00t / / / / In response to the Kerio Mailserver vulnerabilities / / discovered by David F.Madrid. / / / / Although this exploit...
Kerio MailServer 5.6.3 Remote Buffer Overflow Exploit
Exploit for linux platform in category remote exploits ===================================================== Kerio MailServer 5.6.3 Remote Buffer Overflow Exploit ===================================================== / Remote Buffer Overflow Exploit for Kerio MailServer 5.6.3 / /...
Kerio MailServer 5.6.3 - Remote Buffer Overflow
/ Remote Buffer Overflow Exploit for Kerio MailServer 5.6.3 / / ========================================= / / By B-r00t / / / / In response to the Kerio Mailserver vulnerabilities / / discovered by David F.Madrid. / / / / Although this exploit requires valid authentication / / details, it is...
ShareMailPro POP3 Interface Error Message Account Enumeration
The remote ShareMail server issues a special error message when a user attempts to log in using a nonexistent POP account. An attacker may use this flaw to make a list of valid accounts by looking at the error messages it receives at authentication time. C Tenable Network Security, Inc...
CUPS 1.1.x - Cupsd Request Method Denial of Service
CUPS 1.1.x - Cupsd Request Method Denial of Service source: https://www.securityfocus.com/bid/7637/info The cupsd has been reported prone to a denial of service vulnerability. Reportedly the cupsd does not adequately apply a time-out process for malicious HTTP requests and service is denied to...
CVE-2003-0190
OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...
DEBIAN-CVE-2003-0190
OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...
CVE-2003-0190
OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...
CVE-2003-0190
OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...
Cerberus FTP Server 2.1 - Information Disclosure
Cerberus FTP Server 2.1 - Information Disclosure source: https://www.securityfocus.com/bid/7369/info It has been reported that Cerberus FTP Server is prone to an information disclosure weakness. The problem exists in the way the FTP server handles the authentication procedure. An attacker may...
Cerberus FTP Server 2.1 - Information Disclosure
source: https://www.securityfocus.com/bid/7369/info It has been reported that Cerberus FTP Server is prone to an information disclosure weakness. The problem exists in the way the FTP server handles the authentication procedure. An attacker may exploit a weakness in error handling to disclose val...
Qpopper 34 - Username Information Disclosure
Qpopper 34 - Username Information Disclosure source: https://www.securityfocus.com/bid/7110/info An information disclosure weakness has been reported for Qpopper when authenticating. The weakness is due to the fact that if a valid username is sent with a bad password, Qpopper will wait a small...
Qpopper 3/4 - 'Username' Information Disclosure
source: https://www.securityfocus.com/bid/7110/info An information disclosure weakness has been reported for Qpopper when authenticating. The weakness is due to the fact that if a valid username is sent with a bad password, Qpopper will wait a small amount of time prior to disconnecting the clien...
CVE-2002-2410
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information...
Sendmail Trojan Horse Vulnerability
Description Reportedly, the server hosting sendmail, ftp.sendmail.org, was compromised recently. It has been reported that the intruder made modifications to the source code of sendmail to include Trojan Horse code. Downloads of the sendmail source code from ftp.sendmail.org between September 28,...
CVE-2002-1064
Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server...
Firewall-1 usernames detection
PKI aggressive mode replies are different for existing and non-existing usernames...