valid software vulnerabilities

Searching valid software vulnerabilities

Error messages generated by gdm with the Verbos

Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.

rsh daemon (rshd) generates different error mes

rsh daemon (rshd) generates different error messages when a valid username is provided versus an invalid name, which allows remote attackers to determine valid users on the system.

qpopper 4.01 with PAM based authentication on R

qpopper |

qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system.

The login for Hosting Controller 1.1 through 1.

Controller | through | Hosting | login |

The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack.

Thomas Hauck Jana Server 2.x through 2.2.1, and

Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server.

Lotus Domino 5.0.8 web server returns different

Domino | Lotus |

Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks.

Nettica Corporation INTELLIPEER Email Server 1.

Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and invalid account names, which allows remote attackers to determine valid account names.

Cisco VPN 3000 Concentrator before 4.1.7.F allo

Cisco | VPN |

Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.

Behavioral discrepancy information leak in Juni

Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.

WebEOC before 6.0.2 allows remote attackers to

before | WebEOC |

WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other attacks such as locking out valid users via brute force methods.

Mail Management Agent (MAILMA) (aka Mail Manage

Management | Agent | Mail |

Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106.

The (1) elog.c and (2) elogd.c components in el

The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames.

login.php in Interact 2.1.1 generates different

Interact | loginphp |

login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Adobe Document Server for Reader Extensions 6.0

Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily identify valid user IDs via brute force attacks.

WebCalendar 1.0.1 to 1.0.3 generates different

WebCalendar |

WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.

The FTP server in Apple Mac OS X 10.4.8 and ear

server | Apple | Mac | FTP |

The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames.

NetEpi Case Manager before 0.98 generates diffe

Manager | before | NetEpi | Case |

NetEpi Case Manager before 0.98 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.

Pedro Lineu Orso chetcpasswd 2.3.3 provides a d

chetcpasswd | Lineu | Pedro | Orso |

Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system.

The default configuration of the POP server in

The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames.

The login interface in Symantec Enterprise Fire

The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.

Software vulnerabilities results 1 to 20 of 166

Page: 12 3 4 5...9 ►

valid software vulnerabilities

vulnerabilities.aspcode.net

Searching valid software vulnerabilities