2 matches found
CVE-2005-3480
CVE-2005-3480 affects Ringtail CaseBook 6.1.0 where login.asp returns distinct error messages for valid vs. invalid usernames, enabling remote attackers to enumerate valid usernames. The connected documents corroborate that the issue is an informational disclosure in authentication messages, with...
CVE-2005-3479
CVE-2005-3479 describes a cross-site scripting (XSS) flaw in Ringtail CaseBook 6.1.0, specifically in login.asp where an attacker can inject arbitrary script via the users parameter. Affected software is Ringtail CaseBook 6.1.0; the vulnerability arises from improper handling of the users input, ...