1751 matches found
Netscape Messenging Server POP3 Error Message User Account Enumeration
The remote POP server allows an attacker to obtain a list of valid logins on the remote host, thanks to a brute-force attack. If the user connects to this port and issues the commands : USER 'someusername' PASS 'whatever' the user will then get a different response whether the account...
CVE-2001-0421
FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD command, which could release sensitive information such as shadowed...
CVE-2001-1338
Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system...
Solaris 2.67.0 - IN.FTPD CWD Username Enumeration
Solaris 2.67.0 - IN.FTPD CWD Username Enumeration source: https://www.securityfocus.com/bid/2564/info Solaris is the variant of the UNIX Operating System distributed by Sun Microsystems. Solaris is a versatile operating system designed for use with machines as small as desktop systems and as larg...
CVE-2000-0938
Samba Web Administration Tool SWAT in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server...
CVE-2000-0938
Samba Web Administration Tool SWAT in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server...
CVE-2000-1002
POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks...
CVE-2000-1032
The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall...
CVE-2000-1030
CS&T CorporateTime for the Web returns different error messages for invalid usernames and invalid passwords, which allows remote attackers to determine valid usernames on the server...
CVE-2000-1037
Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack...
CVE-2000-1017
Webteachers Webdata allows remote attackers with valid Webdata accounts to read arbitrary files by posting a request to import the file into the WebData database...
CVE-2000-1030
CS&T CorporateTime for the Web returns different error messages for invalid usernames and invalid passwords, which allows remote attackers to determine valid usernames on the server...
CVE-2000-1037
The CVE-2000-1037 issue affects Check Point Firewall-1 session agent versions 3.0 through 4.1. The root cause is that the service returns different error messages for invalid usernames versus invalid passwords, enabling remote attackers to enumerate valid usernames and perform brute-force passwor...
CVE-2000-1037
Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack...
I-gear 3.5.x for Microsoft Proxy logging vulnerability + temporary fix.
Hello everyone, this message is generated after several hours with Symantec Tech support and my personal research of the issue. The issue is confirmed to be a problem by Symantec® . Platform: I-gear 3.5.6 and 3.5.7-x for MSP Proxy 2.0 ; Windows NT 4.0 SP6; MSP 2.0 SP1; PowerEdge 2300 dual 450; 51...
CVE-1999-0407
CVE-1999-0407 affects Microsoft IIS 4.0. A default virtual directory /IISADMPWD contains files that can be used as proxies for brute-forcing credentials or identifying valid users. In Nessus data, these files (aexp2.htr, aexp2b.htr, aexp3.htr, aexp4.htr) can enable brute-force login attempts; one...
CVE-2000-0284
Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands...
CVE-2000-0284
Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands...
University of Washington - imap LSUB Buffer Overflow (Metasploit)
University of Washington - imap LSUB Buffer Overflow Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
University of Washington - imap LSUB Buffer Overflow (Metasploit)
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'UoW IMAP...