37 matches found
yii2 security vulnerabilities
yii2 is a fast, secure and professional PHP framework. A security vulnerability exists in yii2-authclient versions prior to 2.2.15, which stems from the possibility of a timing attack in string comparison...
CVE-2021-42056
Thales Safenet Authentication Client SAC for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges...
PT-2022-3561 · Google +1 · Google-Oauth-Java-Client +1
Name of the Vulnerable Software and Affected Versions: google-oauth-java-client versions prior to 1.33.3 Description: The vulnerability is related to the IDToken verifier not verifying if a token is properly signed. This allows an attacker to provide a compromised token with a custom payload, whi...
strongSwan code issue vulnerability
strongSwan is an open source IPsec-based VPN solution for the Linux platform, developed by Andreas Steffen, an individual developer from Switzerland. The solution includes authentication mechanisms such as X.509 public key certificates, secure storage of private keys, smart cards, etc. The strongSwan solution has a code...
Exploit for Link Following in Thalesgroup Safenet_Authentication_Client
Safenet Authentication Client Privilege Escalation CVE-2021-42...
CVE-2020-27059
In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an overlaid window. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)
Exploit Title: Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow SEH Date: 2020-02-28 Exploit Author: Andrey Stoykov Version: Cyberoam General Authentication Client 2.1.2.7 Tested on: Windows Vista SP2 x86 Steps to Reproduce: 1 Run the POC 2 Copy the contents of "sploit.txt" into the...
Cyberoam General Authentication Client 2.1.2.7 - (Server Address) Denial of Service Exploit
Exploit Title: Cyberoam General Authentication Client 2.1.2.7 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.cyberoam.com Software Link: https://download.cyberoam.com/solution/optionals/i18n/Cyberoam%20General%20Authentication%20Client%202.1.2.7.zip Tested...
CVE-2018-19442
A Buffer Overflow in Network::AuthenticationClient::VerifySignature in /bin/astro in Neato Botvac Connected 2.2.0 allows a remote attacker to execute arbitrary code with root privileges via a crafted POST request to a vendors/neato/robots/robotserial/messages Neato cloud URI on the...
Authentication bypass vulnerability in multiple Cisco products
Cisco Aironet Access Points, IOS Software, and Wireless LAN Controller are products of Cisco Corporation. Cisco Aironet Access Points and Cisco Wireless LAN Controller are a set of wireless access point devices. Cisco Aironet Access Points and Cisco Wireless LAN Controller are a set of wireless...
CVE-2013-4435
Salt aka SaltStack 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...
RSA Authentication Client 3.5 < 3.5.6 Local Authentication Bypass
RSA Authentication Client, an authentication client from RSA Security, is installed on the remote Windows host. The installed version of RSA Authentication Client 3.5 is earlier than 3.5.6 and is, therefore, potentially affected by an authentication bypass vulnerability. Under certain...
Authentication flaw
The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session ...
RSA Authentication Client information leak
SENSITIVE and NON-EXTRACTABLE flags are ignored for shared key, making it possible to extract it...
ESA-2010-018: RSA Security Advisory: RSA, The Security Division of EMC, announces a fix for a potential security vulnerability in RSA® Authentication Client when storing secret key objects on an RSA SecurID® 800 Authenticator
ESA-2010-018: RSA Security Advisory: RSA, The Security Division of EMC, announces a fix for a potential security vulnerability in RSA® Authentication Client when storing secret key objects on an RSA SecurID® 800 Authenticator RSA Authentication Client...
CVE-2010-3321
RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS11 API...