Lucene search

122 matches found

Hacker One
added 2022/01/12 1:53 a.m. · 15 views

Rocket.Chat: Authentication Bypass in login-token Authentication Method

The Rocket.Chat application contained a vulnerability in the login-token authentication method that allowed for authentication bypass. Improper input data validation in the login-token authentication handler permitted the use of crafted data to obtain a valid authToken, granting administrative...

7.2 AI score
Exploits: 0
AlmaLinux
added 2021/09/21 7:9 a.m. · 18 views

python-ldap bug fix and enhancement update

The python-ldap packages provide an object-oriented API for working with LDAP within Python programs. It allows access to LDAP directory servers by using the OpenLDAP 2.x libraries, and contains modules for other LDAP-related tasks including processing LDIF, LDAPURLs, LDAPv3 schema, etc. Bug Fix...

2 AI score
Exploits: 0
OSV
added 2021/09/07 11:4 p.m. · 25 views

GHSA-H77F-XXX7-4858 User impersonation due to incorrect handling of the login JWT

Impact: This allows anyone that can connect to the server to forge a LoginPacket with manipulated JWT token allowing impersonation as any Bedrock user. Unless credentials are saved in your configuration, online mode is not affected as users are still required to log in separately. If your...

7.4 CVSS · 9.5 AI score · 0.00352 EPSS
Exploits: 0 · References: 5
Veracode
added 2021/05/25 5:21 a.m. · 15 views

Insecure Session Management

github.com/ory/fosite uses insecure session management. The vulnerability exists as it fails to validate the uniqueness of the jti value in the private_key_jwt client authentication method, allowing an attacker to send the same token request twice with the same jti assertion to get two access tokens...

8.1 CVSS · 4.1 AI score · 0.00117 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Github Security Blog
added 2021/05/24 4:57 p.m. · 152 views

Token reuse in Ory fosite

Impact: When using client authentication method "private_key_jwt" [1] (https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication), OpenId specification says the following about assertion jti: A unique identifier for the token, which can be used to prevent reuse of the token. These tokens...

8.1 CVSS · 7.9 AI score · 0.00117 EPSS
Exploits: 1 · References: 7 · Affected Software: 1
CNNVD
added 2021/04/22 12:0 a.m. · 2 views

HashiCorp Terraform Security Vulnerability

HashiCorp Terraform is an open source tool for provisioning and managing cloud infrastructure from HashiCorp (USA). A security vulnerability exists in HashiCorp Terraform versions prior to 2.19.1 that stems from a failure to properly configure the GCE type binding tag for Vault's GCP...

9.8 CVSS · 5.6 AI score · 0.00607 EPSS
Exploits: 1 · References: 3
CNVD
added 2021/03/11 12:0 a.m. · 4 views

NETGEAR JGS516PE/GS116Ev2 Buffer Overflow Vulnerability (CNVD-2021-17575)

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. A buffer overflow vulnerability exists in the NSDP protocol authentication method in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. An attacker could exploit this vulnerability to cause the device to reboot...

6.5 CVSS · 7.2 AI score · 0.00674 EPSS
Exploits: 0 · References: 1
NVD
added 2021/03/10 6:15 p.m. · 15 views

CVE-2020-35224

A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot...

6.5 CVSS · 0.00674 EPSS
Exploits: 0 · References: 1
Metasploit
added 2020/09/02 5:41 p.m. · 37 views

Windows Inject PE Files, Hidden Bind Ipknock TCP Stager

Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...

7.2 AI score
Exploits: 0
RedHat Linux
added 2020/04/28 4:6 p.m. · 1 views

irssi: use after free when sending SASL login to server

Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server...

8.1 CVSS · 5.8 AI score · 0.04615 EPSS
Exploits: 0 · References: 5
OSV
added 2020/04/27 3:15 p.m. · 1 views

DEBIAN-CVE-2019-18823

HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include...

9.8 CVSS · 8.3 AI score · 0.02816 EPSS
Exploits: 0 · References: 1
Exploit DB
added 2020/03/31 12:0 a.m. · 219 views

IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule "IBM TM1 / Planning Analytics Unauthenticated Remote Code Execution", 'Description' = %q This module exploits a vulnerability in...

10 CVSS · 7.4 AI score · 0.93447 EPSS
Exploits: 6
NVD
added 2020/03/10 1:15 p.m. · 10 views

CVE-2019-10706

Western Digital SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to othe...

6.3 CVSS · 6.5 AI score · 0.00116 EPSS
Exploits: 0 · References: 3
Prion
added 2020/02/08 4:15 p.m. · 14 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to...

6.8 CVSS · 8 AI score · 0.00181 EPSS
Exploits: 6 · References: 2 · Affected Software: 3
myhack58
added 2019/04/02 12:0 a.m. · 120 views

About the CVE-2019-9766 buffer overflow vulnerability: penetration module preparation and testing

CVE-2019-9766 discloses a buffer overflow vulnerability in Free MP3 CD Ripper when converting files: a stack-based buffer overflow in Free MP3 CD Ripper 2.6 allows user-assisted remote attackers to execute arbitrary code via a specially crafted .mp3 file. This article describes in...

6.8 CVSS · 8.2 AI score · 0.20148 EPSS
Exploits: 2
CNVD
added 2019/02/21 12:0 a.m. · 1 views

CloudBees Jenkins JMS Messaging Plugin Server Request Forgery Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. JMS Messaging Plugin is used in one of the...

4.3 CVSS · 6.9 AI score · 0.00021 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2019/02/20 12:0 a.m. · 1 views

PT-2019-11325 · Jenkins · Jenkins Jms Messaging Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins JMS Messaging Plugin versions 1.1.1 and earlier Description: A server-side request forgery issue exists that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint. This is due to vulnerabilities in th...

4.3 CVSS · 4.7 AI score · 0.00021 EPSS
Exploits: 0 · References: 5
IBM Security Bulletins
added 2018/06/16 9:30 p.m. · 37 views

Security Bulletin: Vulnerabilities in curl affect IBM Security Network Protection

Summary: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security vulnerabilities have been discovered in libcurl used with IBM Security Network Protection. Vulnerability Details: CVEID:...

5 CVSS · 0.7 AI score · 0.04659 EPSS
Exploits: 1 · Affected Software: 1
RedHat Linux
added 2017/08/16 11:4 p.m. · 3 views

httpd: ap_get_basic_auth_pw() authentication bypass

It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...

9.8 CVSS · 7.4 AI score · 0.08717 EPSS
Exploits: 0 · References: 6
Tenable Nessus
added 2017/05/22 12:0 a.m. · 33 views

SUSE SLES12 Security Update : git (SUSE-SU-2017:1357-1)

This update for git fixes the following issues: - git 2.12.3: - CVE-2017-8386: Fix git-shell not to escape with the starting dash name (bsc#1038395) - Fix for potential segv introduced in v2.11.0 and later - Misc fixes and cleanups. - git 2.12.2: - CLI output fixes - 'Dump http' transport fixes -...

8.8 CVSS · 7.5 AI score · 0.71499 EPSS
Exploits: 2 · References: 4