158 matches found
CVE-2021-3005
MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI...
MK-AUTH Cross-Site Request Forgery Vulnerability
MK-AUTH is an access control system by the individual developer Pedro Filho in Brazil. A cross-site request forgery vulnerability exists in MK-AUTH through version 19.01 K4.9, which allows passwords to be changed via the central executor central.php...
SQL injection
SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin...
CVE-2020-10282 RVD#3316: No authentication in MAVLink protocol
The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism on its version 1.0 (nor authorization), which leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package...
D-Link DIR-615 T1 20.10 - CAPTCHA Bypass
Exploit Title: D-Link DIR-615 T1 20.10 - CAPTCHA Bypass Date: 2019-10-12 Exploit Author: huzaifa hussain Vendor Homepage: https://in.dlink.com/ Version: DIR-615 T1 ver:20.10 Tested on: D-LINK ROUTER "MODEL NO: DIR-615" with "FIRMWARE VERSION:20.10" & "HARDWARE VERSION:T1 CVE: CVE-2019-17525 D-LIN...
D-Link DIR-615 T1 20.10 - CAPTCHA Bypass Vulnerability
Exploit for hardware platform in category web applications Exploit Title: D-Link DIR-615 T1 20.10 - CAPTCHA Bypass Exploit Author: huzaifa hussain Vendor Homepage: https://in.dlink.com/ Version: DIR-615 T1 ver:20.10 Tested on: D-LINK ROUTER "MODEL NO: DIR-615" with "FIRMWARE VERSION:20.10" &...
Authentication flaw
As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication...
File Upload Vulnerability in BSPHP-PRO Network Authentication System
BSPHP-PRO is a high performance network verification system. A file upload vulnerability exists in the BSPHP-PRO network authentication system, which can be exploited by an attacker to upload malicious files and gain system administrative privileges...
Authentication flaw
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remo...
CVE-2012-4381
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remo...
Fedora Update for krb5 FEDORA-2019-2323661e5f
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
ZTE ZXCDN IAMWEB Misconfiguration Vulnerability
ZTE ZXCDN IAMWEB is an authentication product from ZTE Corporation (ZTE), China. A configuration error vulnerability exists in ZTE ZXCDN IAMWEB version 6.01.03.01. The vulnerability stems from the existence of unreasonable file configuration, parameter configuration, etc. during the use of a networ...
The vulnerability of the `tokenUseGlobalStorage` function in the authentication system for web applications in LemonLDAP::NG allows an attacker to compromise data integrity, gain access to confidential data, and cause service interruptions.
The vulnerability of the tokenUseGlobalStorage function in the authentication system for web applications in LemonLDAP::NG is related to insufficient token session verification. Exploiting this vulnerability could allow a malicious actor to compromise data integrity, gain access to confidential...
ALPINE-CVE-2019-13045
Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server...
CVE-2019-7393
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases...
CVE-2019-7442
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system...
Denial Of Service (DoS)
Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. A memory leak flaw was found in the krb5_unparse_name function of the MIT Kerberos kadmind service. An authenticated attacker could...
CentOS 7 : krb5 (CESA-2018:3071)
An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE li...
OmniAuth Information Disclosure Vulnerability
OmniAuth is a set of authentication systems implemented using Rack middleware. An information disclosure vulnerability exists in the strategy.rb file in versions of OmniAuth prior to 1.3.2, which stems from the program failing to properly protect the authenticity_token value. An attacker could...