FreeRDP Authorization Issue Vulnerability
FreeRDP is an open source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. FreeRDP suffers from an authorization issue vulnerability that stems from the fact that prior to version 2.7.0, server-side authentication against invalid credentials may succeed if the server is...
The vulnerability of the Bluetooth service for Windows operating systems allows a perpetrator to increase their privileges and gain unauthorized access to protected information.
The vulnerability of the Bluetooth service for Windows operating systems is related to authentication errors. Exploiting this vulnerability can allow an attacker to increase their privileges and gain unauthorized access to protected information...
CVE-2018-1154
In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue...
httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4
It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied...
Concrete CMS: Weak random number generator used in concrete/authentication/concrete/controller.php
private function genString($a = 20) { $o = ''; $chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@$%^&+|":?'\'; $l = strlen($chars); while ($a--) { $o .= substr($chars, rand(0, $l), 1); } return md5($o); } Using substr(rand()) then running md5 on the output would be better replaced by using bin2hex and either...
HackerOne: Account Hijacking (Only rare case scenario)
Hi, This is a logical flaw in the application which may allow any arbitrary user to obtain account access of another user. Below is the exploit scenario which may lead to potential account takeover in certain circumstances: User changes email while he is logged in his own account Some wrong email...
Low: Red Hat Security Advisory: freeradius2 security and bug fix update
Updated freeradius2 packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi...
RedHat Update for openldap RHSA-2011:0346-01
The remote host is missing an update for the...
Trango Broadband Wireless Interception
Trango Broadband Wireless M5830 Series Rogue SU Authentication Bug. Date: 15 December, 2009. By: Blair - [email protected]. Background...
Trango Broadband Wireless Rogue SU Authentication Bug
Trango Broadband Wireless M5830 Series Rogue SU Authentication Bug. Date: 15 December, 2009. By: Blair - [email protected]. Background...
GLSA-200406-17 : IPsec-Tools: authentication bug in racoon
The remote host is affected by the vulnerability described in GLSA-200406-17 (IPsec-Tools: authentication bug in racoon). The KAME IKE daemon racoon is used to authenticate peers during Phase 1 when using either preshared keys, GSS-API, or RSA signatures. When using RSA signatures racoon validates t...
SUSE-SA:2003:036: pam_smb
The remote host is missing the patch for the advisory SUSE-SA:2003:036 (pam_smb). The PAM module and server pam_smb allows users of Linux systems to be authenticated by querying an NT server. Dave Airlie informed us about a bug in the authentication code of pam_smb that allows a remote attacker to gai...
Microsoft SharePoint Portal and Team Services
There is a bug in how the authentication mode works with the web-based administration page. This page resides, in the Web Servers with SharePoint, in http://www.example.com/layouts/settings.htm or http://www.example.com/somedirectory/layouts/settings.htm. This page is usually protected by NT Basic...
Remote Cobalt Raq XTR vulns
Topic: Combined Remote/Local root Cobalt XTR vulnerabilities. Date: 02-03-2002. Author: Wouter ter Maat aka [email protected]. Url: http://www.digit-labs.org ...