119 matches found
PT-2025-27696
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential out-of-bounds read/write access issue has been identified in the Linux kernel, specifically in the net/mdiobus component. This issue arises when using tools like mdio-tools...
CVE-2023-37265
CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...
CVE-2020-8086
The modauthldap and modauthldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the isadmin function. This grants remote entities admin-only functionality if their username matches the username of a local admin...
CVE-2020-19768
A lack of target address verification in the selfdestructs function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script...
CVE-2020-19769
A lack of target address verification in the BurnMe function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script...
CVE-2019-19806
accountforgotpassword.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses...
workers-oauth-provider 安全漏洞
workers-oauth-provider is a Cloudflare open source OAuth provider library for Cloudflare Workers. A security vulnerability exists in workers-oauth-provider that stems from not properly verifying that the redirecturi is in the allowed list, which could lead to credential theft...
Juniper Junos OS Vulnerability (JSA88105)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA88105 advisory. - An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to...
CVE-2024-39534
An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. Thi...
PT-2024-7847 · Juniper Networks · Junos Evolved
Name of the Vulnerable Software and Affected Versions: Junos OS Evolved versions prior to 21.4R3-S8-EVO Junos OS Evolved version 22.2-EVO prior to 22.2R3-S4-EVO Junos OS Evolved version 22.3-EVO prior to 22.3R3-S4-EVO Junos OS Evolved version 22.4-EVO prior to 22.4R3-S3-EVO Junos OS Evolved versi...
CVE-2023-50455
An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial Of Service generation of many emails, which would also spam the victim...
CVE-2023-50455
Zammad before 6.2.0 is affected by a rate-limiting vulnerability in the email address verification feature. The lack of rate limiting allows an attacker to issue many requests for a known address, leading to Denial of Service via generation of a large number of emails (which could spam the recipi...
CVE-2023-50455
An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial Of Service generation of many emails, which would also spam the victim...
PostHog Code Issues Vulnerabilities
PostHog is an all-in-one open source platform from PostHog Open Source. A code issue vulnerability exists in PostHog that stems from not verifying that a URL is local when enabling Webhook, allowing authenticated users to spoof POST requests...
The vulnerability of the Zabbix universal monitoring system, related to incorrect authorization, allows a intruder to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Zabbix universal monitoring system is related to the improper implementation of IP address checking. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data, compromise its integrity, and even cause service failures...
Workspace Error: "Your account cannot be added using this server address"
When adding account with NetScaler Gateway FQDN in Workspace, you may have below error prompt: "Your account cannot be added using this server address. Make sure you entered it correctly. You may need to enter your email address instead."...
Lack Of IP Address Verification
github.com/IceWhaleTech/CasaOS-Gateway is vulnerable to Lack Of IP Address Verification. The vulnerability exists because the gatewayroute.go incorrectly checks the source of an IP, which allows an attacker to inject and execute malicious commands as root on a CasaOS instance...
CVE-2023-37265
CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...
Design/Logic Flaw
CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...
CVE-2023-37265 Incorrect identification of source IP addresses in CasaOS
CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...