username software vulnerabilities
vulnerabilities.aspcode.net
Searching username software vulnerabilities
Buffer overflow in SCO su program allows local
username
|
overflow
|
program
|
access
|
allows
|
Buffer
|
users
|
local
|
long
|
gain
|
root
|
SCO
|
via
|
Buffer overflow in SCO su program allows local users to gain root access via a long username.
Compaq/Microcom 6000 Access Integrator does not
Compaq/Microcom
|
Compaq/Microcom 6000 Access Integrator does not cause a session timeout after prompting for a username or password, which allows remote attackers to cause a denial of service by connecting to the integrator without providing a username or password.
FTP Explorer uses weak encryption for storing t
encryption
|
password
|
username
|
Explorer
|
profile
|
storing
|
sites
|
uses
|
weak
|
FTP
|
FTP Explorer uses weak encryption for storing the username, password, and profile of FTP sites.
Dragon telnet server allows remote attackers to
attackers
|
username
|
service
|
Dragon
|
denial
|
server
|
telnet
|
remote
|
allows
|
cause
|
long
|
via
|
Dragon telnet server allows remote attackers to cause a denial of service via a long username.
NetWin dMailWeb and cwMail 2.6g and earlier all
attackers
|
parameter
|
username
|
dMailWeb
|
earlier
|
service
|
denial
|
NetWin
|
cwMail
|
remote
|
allows
|
cause
|
long
|
26g
|
via
|
NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to cause a denial of service via a long username parameter.
Yahoo! Messenger 5.0 allows remote attackers to
engineering
|
attackers
|
modifying
|
Messenger
|
username
|
service
|
spoofed
|
social
|
allows
|
remote
|
denial
|
spoof
|
Yahoo
|
other
|
using
|
users
|
Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social engineering or denial of service (flooding) attacks.
WorkforceROI Xpede 4.1 allows remote attackers
datasourceasp
|
WorkforceROI
|
attackers
|
guessing
|
username
|
attacker
|
password
|
database
|
conduct
|
attacks
|
request
|
easily
|
remote
|
obtain
|
allows
|
force
|
brute
|
which
|
Xpede
|
leaks
|
more
|
form
|
via
|
WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks.
SQL injection vulnerability in Ruslan Bui
administrative
|
Builder
|
vulnerability
|
privileges
|
attackers
|
injection
|
password
|
username
|
sequence
|
allows
|
remote
|
Ruslan
|
"'--"
|
gain
|
SQL
|
via
|
SQL injection vulnerability in Ruslan Builder allows remote attackers to gain administrative privileges via a "'--" sequence in the username and password.
Magic Notebook 1.0b and 1.1b allows remote atta
attackers
|
Notebook
|
service
|
remote
|
denial
|
allows
|
Magic
|
cause
|
11b
|
10b
|
Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial of service (crash) via an invalid username during login.
Buffer overflow in paginit in AIX 5.1 through 5
arbitrary
|
username
|
overflow
|
execute
|
through
|
paginit
|
Buffer
|
allows
|
local
|
users
|
long
|
code
|
AIX
|
via
|
Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a long username.
AppServ 2.5.x and earlier installs a default us
attackers
|
username
|
password
|
installs
|
AppServ
|
earlier
|
default
|
remote
|
access
|
allows
|
which
|
gain
|
25x
|
AppServ 2.5.x and earlier installs a default username and password, which allows remote attackers to gain access.
Cross-site scripting (XSS) vulnerability in Xed
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote attackers to execute arbitrary web script or HTML via the (1) username parameter to test.x, (2) username parameter to TestServer.x, or (3) param parameter to testgetrequest.x.
Buffer overflow in Citadel/UX 6.23 and earlier
Citadel/UX
|
overflow
|
Buffer
|
Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username.
Fastream NETFile FTP/Web Server 6.5.1.980 allow
Fastream
|
FTP/Web
|
NETFile
|
Server
|
Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to cause a denial of service via a username that does not exist.
squid_ldap_auth in Squid 2.5 and earlier allows
squid_ldap_auth
|
username-based
|
authenticated
|
earlier
|
Control
|
bypass
|
Access
|
remote
|
allows
|
Lists
|
users
|
Squid
|
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.
427BB 2.2 and 2.2.1 verifies authentication cre
427BB
|
427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and usertype cookies, which allows remote attackers to bypass authentication by using a valid username and usertype and setting the authenticated cookie.
The pswd.js script relies on the client to calc
brute-force
|
downloading
|
conducting
|
hard-coded
|
attackers
|
calculate
|
password
|
username
|
offline
|
attacks
|
whether
|
allows
|
remote
|
obtain
|
relies
|
client
|
pswdjs
|
script
|
server
|
values
|
hashed
|
which
|
match
|
The pswd.js script relies on the client to calculate whether a username and password for a server match hard-coded hashed values, which allows remote attackers to obtain a username and password by downloading pswd.js and conducting brute-force offline attacks.
Kahua before 0.7, when running multiple applica
authenticated
|
unauthorized
|
applications
|
application
|
supervisor
|
different
|
databases
|
username
|
accounts
|
database
|
multiple
|
instead
|
running
|
allows
|
remote
|
obtain
|
before
|
grants
|
access
|
assign
|
single
|
Kahua
|
which
|
basis
|
users
|
under
|
user
|
name
|
same
|
Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authenticated users to obtain unauthorized access if different databases assign the same username to different user accounts.
Pedro Lineu Orso chetcpasswd 2.3.3 provides a d
chetcpasswd
|
Lineu
|
Pedro
|
Orso
|
Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system.
my.activation.php3 in F5 FirePass 5.4 through 5
myactivationphp3
|
FirePass
|
through
|
my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.
Software vulnerabilities results 1 to 20 of 570
Page:
1
2
3
4
5
...
29
►