Searching depending software vulnerabilities

rpc.mountd on Linux, Ultrix, and possibly other

attempting | existence | determine | attackers | different | generates | depending | operating | rpcmountd | possibly | messages | systems | whether | remote | Ultrix | allows | exists | server | error | mount | other | Linux | which | file | not |

rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.


SSH before 2.0, with RC4 encryption and the "di

modifications | encryption | passwords" | attackers | replaying | passwords | "disallow | different | depending | portions | messages | sessions | certain | enabled | trigger | whether | correct | remote | before | easier | option | makes | guess | which | NULL | user | not | RC4 | SSH |

SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not.


Check Point VPN-1 4.1SP4 using SecuRemote retur

authentication | SecuRemote | different | depending | attackers | messages | invalid | conduct | attacks | prompts | returns | remote | method | easier | brute | which | makes | Point | Check | force | users | error | valid | using | being | VPN-1 | 41SP4 | vary | used |

Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary depending on the authentication method being used, which makes it easier for remote attackers to conduct brute force attacks.


The getAlbumToDisplay function in idsShared.pm

getAlbumToDisplay | idsSharedpm | function | Display | System | Image |

The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not.


Directory traversal vulnerability in the list_d

list_directory | vulnerability | Directory | traversal | function | Icecast |

Directory traversal vulnerability in the list_directory function in Icecast 1.3.12 allows remote attackers to determine if a directory exists via a .. (dot dot) in the GET request, which returns different error messages depending on whether the directory exists or not.


MailPost 5.1.1sv, and possibly earlier versions

information | attackers | different | sensitive | depending | requested | possibly | MailPost | displays | versions | whether | earlier | message | allows | remote | exists | error | 511sv | which | file | gain | not |

MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whether the requested file exists or not, which allows remote attackers to gain sensitive information.


Nortel Networks Contivity VPN Client displays a

information | attackers | different | depending | Contivity | sensitive | username | Networks | displays | invalid | whether | message | remote | Client | Nortel | allow | error | valid | could | which | gain | VPN |

Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information.


Buffer overflow in multiple F-Secure Anti-Virus

Anti-Virus | including | products | F-Secure | overflow | multiple | Buffer |

Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module restart), depending on the product, via a malformed LHA archive.


The 55_options_traceback.dpatch patch for mailm

55_options_tracebackdpatch | mailman | patch |

The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.


Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2

Bugzilla |

Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products.


The web mail service in Woppoware PostMaster 4.

PostMaster | Woppoware | service | mail | web |

The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.


The password reset feature in Movable Type befo

depending | different | generates | usernames | determine | attackers | messages | password | Movable | whether | feature | allows | remote | exists | before | reset | valid | error | which | user | Type | not |

The password reset feature in Movable Type before 3.2 generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.


login.asp in Ringtail CaseBook 6.1.0 displays d

CaseBook | Ringtail | loginasp |

login.asp in Ringtail CaseBook 6.1.0 displays different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.


ioFTPD 0.5.84 u responds with different message

ioFTPD |

ioFTPD 0.5.84 u responds with different messages depending on whether or not a username exists, which allows remote attackers to enumerate valid usernames.


The (1) elog.c and (2) elogd.c components in el


The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames.


login.php in Interact 2.1.1 generates different

Interact | loginphp |

login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.


WebCalendar 1.0.1 to 1.0.3 generates different

WebCalendar |

WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.


NetEpi Case Manager before 0.98 generates diffe

Manager | before | NetEpi | Case |

NetEpi Case Manager before 0.98 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.


The default configuration of the POP server in

configuration | depending | responses | different | usernames | enumerate | attackers | generates | Services | username | default | whether | OpenVMS | remote | allows | TCP/IP | server | valid | which | not | POP |

The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames.


The login interface in Symantec Enterprise Fire

Enterprise | pre-shared | interface | Firewall | Symantec | login | key | VPN |

The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.


Software vulnerabilities results 1 to 20 of 29     
Page: 12