213 matches found
CVE-2021-27509
In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code...
CVE-2021-27509
CVE-2021-27509 affects Visualware MyConnection Server prior to version 11.0b build 5382. The issue is that each published report is not associated with its own access code, which can lead to unintended access to reports via improper linkage. NVD CVSS data indicate CVSSv3.1 base score 7.5 (HIGH) w...
BigBlueButton Conference Access Code Brute Force Attack Vulnerability
BigBlueButton is an open source web conferencing system from the BigBlueButton community. A conference access code brute force attack vulnerability exists in BigBlueButton 2.2.29 and earlier versions. The vulnerability stems from the ability to enter an unlimited number of codes for a conference...
CVE-2020-29042
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code...
Code injection
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code...
CVE-2020-29042
CVE-2020-29042: The issue affects BigBlueButton up to version 2.2.29, where an unlimited number of access codes can be entered for a meeting, enabling brute-force attempts to bypass access protection. The impact is potential unauthorized meeting access; the description does not specify whether e...
BigBlueButton Security Vulnerability
BigBlueButton is an open source web conferencing system from the BigBlueButton community. A conference access code brute force attack vulnerability exists in BigBlueButton 2.2.29 and earlier versions. The vulnerability stems from the ability to enter an unlimited number of codes for a conference...
BigBlueButton 2.2.29 Brute Force
Title: BigBlueButton Meeting Access Code Brute Force Vulnerability Google Dork: N/A Date: 24.11.2020 Author: Seccops https://seccops.com Vendor Homepage: bigbluebutton.org Version: 2.2.29 and previous versions CVE: CVE-2020-29042 === Summary === An issue was discovered in BigBlueButton through...
CVE-2020-7530
A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows improper access to executable code folders...
CVE-2020-15001
CVE-2020-15001 affects Yubico YubiKey 5 NFC, specifically firmware versions 5.0.0–5.2.6 and 5.3.0–5.3.1. The OTP application allows optional access codes on OTP slots, but the access code is not checked when updating NFC-specific OTP configurations. As a result, an attacker could read configured ...
Design/Logic Flaw
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable...
LifeOmic: open redirect while login at https://apps.dev.jupiterone.io can leak access code.
LifeOmic Comments @base64 found an open redirect bug in our auth flow. After review, we determined that due to design the exploit would only work in our dev environment. Though we determined mitigating controls were already in place for this attack in prod, we valued @base64's efforts and awarde...
CVE-2019-3934
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code by sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code...
Open Redirection
Cloud Foundry UAA is vulnerable to open redirection. The redirect URI is not properly validated to filter wildcard characters, allowing a remote unauthenticated user to enter a malicious URI to get a UAA access code...
CVE-2019-3788
Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the...
Ed: Oauth flow on the comments widget login can lead to the access code leakage
Description Hello. Here is a keyword: frog I discovered a little OAuth flow in the comments widget authentication process using redirect_uri manipulations. The widget is located on all blog posts, which have the URL https://edoverflow.com/2017/post-title/ Upon authentication, it appeared that code...
CVE-2016-1181
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899...
Stored XSS Vulnerability in ADPlugg Wordpress Plugin
Stored XSS Vulnerability in ADPlugg Wordpress Plugin. Overview: Title: Stored XSS Vulnerability in ADPlugg Wordpress Plugin Author: Kaustubh G. Padwad...