137 matches found
Denial of service from unlimited password lengths
TL;DR This vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. The real-world impact of this vulnerability is limited, however we still recommend to update to one of the patch releases because they also fix more severe vulnerabilities...
CVE-2023-38492 Kirby vulnerable to denial of service from unlimited password lengths
Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. The real-world impact of this vulnerability is limited, however we still...
Kirby 安全漏洞
Kirby is a file-based content management system CMS. A security vulnerability exists in Kirby versions 3.5.8.2 and earlier, 3.6.0 through 3.6.6.2, 3.7.0 through 3.7.5.1, 3.8.0 through 3.8.4, 3.9.0 through 3.9.5, and 3.9.0 and 3.9.5, which stems from an unspecified length of the Kirby authenticati...
CVE-2023-31664
A reflected cross-site scripting XSS vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter...
WSO2 API Manager 跨站脚本漏洞
WSO2 API Manager is an API lifecycle management solution from WSO2, Inc. A security vulnerability exists in WSO2 API Manager versions prior to 4.2.0, which stems from a security issue in authenticationendpoint/login.do, that could allow an attacker to inject a crafted payload via the tenantDomain...
CVE-2023-31664
A reflected cross-site scripting XSS vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter...
PT-2022-27690 · Unknown · Opendaylight
Name of the Vulnerable Software and Affected Versions: OpenDaylight versions prior to 0.16.5 Description: A SQL injection issue was discovered in the AAA component of OpenDaylight. The deleteUser function in the UserStore.java file is affected when the API interface "/auth/v1/users/" is used...
PT-2022-14228 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: keycloak version 18.0.0 Description: The issue concerns an open redirect in the authentication endpoint via the redirect uri parameter. However, it has been determined that this is a known misconfiguration, and recommendations to mitigate the...
PT-2022-28253 · Etcd · Etcd
Name of the Vulnerable Software and Affected Versions: etcd affected versions not specified Description: The issue is related to authentication in the etcd gateway. It only authenticates endpoints detected from DNS SRV records and does so only once. If an endpoint changes its authentication...
WatchGuard Firebox 安全漏洞
WatchGuard Firebox is a U.S. WatchGuard company that provides a comprehensive range of network security services, from traditional IPS and GAV, to web site/application control and malicious software prevention. A security vulnerability exists in WatchGuard Firebox that originates from allowing an...
CVE-2021-46434
EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a user login, the application returns different results depending on whether the account is correct, that allowed an attacker to determine if a given username was valid...
CVE-2021-38616
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/user-guid/ user edition endpoint could permit any logged-in user to increase their own permissions via a userpermissions array in a PATCH request. A guest user could modify other users' profiles and much more...
CVE-2021-38617
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation...
Eigen NLP 安全漏洞
Eigen NLP is a natural language processing system. A security vulnerability exists in Eigen NLP 3.10.1 that stems from a lack of access control on the /auth/v1/user/ user creation endpoint. The vulnerability allows a standard user to create a superuser account with a defined password, which...
urllib3 资源管理错误漏洞
urllib3 is a Python HTTP library. It features thread-safe connection pooling, file publishing support, and more. Urllib3 suffers from a Resource Management Error vulnerability that originates from adding the @ parameter to the URL of the authentication module, which can be exploited by an attacke...
CVE-2020-26891
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...
scsso.fone.sep.gob.mx XSS vulnerability
Vulnerable URL:...