22 matches found
EUVD-2021-25507
Malware in sbrugna...
CVE-2022-35980
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access control features...
GHSA-F4QR-F4XX-HJXW OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information
Impact: Requests to an OpenSearch cluster configured with advanced access control features (document level security (DLS), field level security (FLS), and/or field masking) will not be filtered when the query's search pattern matches an aliased index. OpenSearch Dashboards creates an alias to .kibana by...
CVE-2021-39070
IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353...
LDAP authentication vulnerability in Access Gateway Advanced Access Control
Description of Problem: If the Advanced Access Control option (AAC) of Access Gateway is configured to use LDAP authentication, then it is possible for a user to log on without supplying valid credentials. This vulnerability only affects AAC Version 4.2 deployments that are using LDAP authentication;...
IBM Security Access Manager Unauthorized Operation Vulnerability
IBM Security Access Manager is a product for information security management applications from IBM, USA. The product enables access management control through integrated devices for web, mobile and cloud computing. A security vulnerability exists in IBM Security Access Manager versions 9.0.3.1...
CVE-2018-1850
CVE-2018-1850 affects IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0, and 9.0.5.0. When Advanced Access Control services are running, it could allow unauthorized administration operations. The root cause is within the Advanced Access Control service enabling admin actions without proper a...
CVE-2018-1850
IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998...
Security Bulletin: IBM Security Access Manager Appliance is affected by a security vulnerability (CVE-2018-1850)
Summary: IBM Security Access Manager appliance is affected by a security vulnerability that could allow unauthorized operations when Advanced Access Control services are running. Vulnerability Details: CVEID: CVE-2018-1850. DESCRIPTION: IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and...
CVE-2018-1722
IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370...
Remote code execution
IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370...
Joomla Component com_eportfolio Upload Vulnerability
Exploit for php platform in category web applications. Joomla Component com_eportfolio Upload Vulnerability...
Input validation
The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including a referer log, browser history, or...
CVE-2006-6572
Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote authenticated users to bypass access policies via a certain login method, a differen...
CVE-2006-6572
Citrix Access Gateway AAC 4.2 with LDAP enabled is affected by an LDAP authentication bypass vulnerability. A remote attacker may authenticate without valid credentials. Citrix provides a hotfix (CTX110950) and recommends not enabling LDAP authentication as mitigation.
Citrix Access Gateway authentication bypass
Unauthenticated access is possible if Advanced Access Control is used with LDAP authentication...
CVE-2006-4846
Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors...