Page 106 of 671 results (0.008 seconds)

CVSS: 2.6EPSS: 1%CPEs: 2EXPL: 1

CVE-2006-5229 – Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack

https://notcve.org/view.php?id=CVE-2006-5229

OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds. OpenSSH portable 4.1 en SUSE Linux, y posiblemente en otras plataformas y versiones, y posiblemente bajo configuraciones limitadas, permite a atacantes remotos determinar nombres de usuario válidos mediante discrepancias de tiempo en las cuales las respuestas tardan más para nombres de usuario válidos que para los inválidos, como ha sido demostrado por sshtime. NOTA: a fecha de 14/10/2006, parece que este problema depende del uso de contraseñas configuradas manualmente que provoca retrasos procesando /etc/shadow debido a un incremento en el número de rondas. • https://www.exploit-db.com/exploits/3303 http://secunia.com/advisories/25979 http://www.osvdb.org/32721 http://www.securityfocus.com/archive/1/448025/100/0/threaded http://www.securityfocus.com/archive/1/448108/100/0/threaded http://www.securityfocus.com/archive/1/448156/100/0/threaded http://www.securityfocus.com/archive/1/448702/100/0/threaded http://www.securityfocus.com/bid/20418 http://www.sybsecurity.com/hack-proventia-1.pdf http://www.vupen.com/english • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 51%CPEs: 2EXPL: 0

CVE-2006-4511

https://notcve.org/view.php?id=CVE-2006-4511

Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines." Messenger Agents (nmma.exe) en Novell GroupWise 2.0.2 y 1.0.6 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una petición HTTP POST a puerto TCP 8300 con una parámetro val modificado, lo cual dispara una referencia nula relacionada con "cadenas de longitud cero en rutinas blowfish". • http://secunia.com/advisories/22244 http://securitytracker.com/id?1016974 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974452.htm http://www.idefense.com/intelligence/vulnerabilities/display.php?id=416 http://www.kb.cert.org/vuls/id/796956 http://www.securityfocus.com/bid/20316 http://www.vupen.com/english/advisories/2006/3893 https://exchange.xforce.ibmcloud.com/vulnerabilities/29319 •

CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0

CVE-2006-4185

https://notcve.org/view.php?id=CVE-2006-4185

Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan. Vulnerabilidad no especificada en el NCPENGINE de Novell eDirectory 8.7.3.8 permite a usuarios locales provocar una denegación de servicio (agotamiento de CPU) a través de vectores no especificados, como se ha demostrado originalmente utilizando un escaneo Nessus. • http://secunia.com/advisories/21496 http://securitytracker.com/id?1016695 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973826.htm http://www.osvdb.org/28369 http://www.securityfocus.com/bid/19498 •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2006-4186

https://notcve.org/view.php?id=CVE-2006-4186

The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file. El iManager en eMBoxClient.jar en Novell eDirectory 8.7.3.8 escribe contraseñas en texto claro en un archivo de registro, lo que permite a usuarios locales obtener contraseñas leyendo el archivo. • http://secunia.com/advisories/21496 http://securitytracker.com/id?1016695 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973826.htm http://www.osvdb.org/28370 http://www.securityfocus.com/bid/19499 •

CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 0

CVE-2006-3818

https://notcve.org/view.php?id=CVE-2006-3818

Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la página de autenticación de acceso de Novell GroupWise WebAccess 6.5 anterior al 21/07//2006 y WebAccess 7 anterior al 27/07/2006 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro GWAP.version. • http://secunia.com/advisories/21411 http://securitytracker.com/id?1016648 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm http://www.securityfocus.com/bid/19297 http://www.vupen.com/english/advisories/2006/3098 https://exchange.xforce.ibmcloud.com/vulnerabilities/28210 https://secure-support.novell.com/KanisaPlatform/Publishing/228/3574517_f.SAL_Public.html •