MikroTik RouterOS Assertion Failure Vulnerability

MikroTik RouterOS is a Linux-based router operating system developed by MikroTik Latvia.An assertion failure vulnerability exists in MikroTik RouterOS, which stems from an authentication error in the product's /ram/pckg/security/nova/bin/ipsec process. An attacker could exploit this vulnerability...

Exploit for SQL Injection in Virtuasoftware Cobranca

My CVEs Collection of PoC to my C...

MikroTik RouterOS 代码问题漏洞

MikroTik RouterOS is a Linux-based router operating system developed by MikroTik Latvia.An assertion failure vulnerability exists in MikroTik RouterOS, which stems from an authentication error in the product's /ram/pckg/security/nova/bin/ipsec process. An attacker could exploit this vulnerability...

The vulnerability of the software used to create the private virtual network astra-openvpn-server lies in errors in the authentication process, which allow a perpetrator to cause service interruptions.

The software vulnerability related to the creation of a private virtual network, astra-openvpn-server, is caused by an error in certificate rehydration. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

WESEEK GROWI Access Control Error Vulnerability (CNVD-2021-43487)

Weseek GROWI is a suite of team collaboration software from Weseek Japan. An access control error vulnerability exists in WESEEK GROWI that originates from an error in the handling of authentication requests. A remote, authenticated attacker could exploit the vulnerability to view unauthorized...

SAP NetWeaver AS ABAP and ABAP Platform Authentication Error Vulnerability

SAP NetWeaver ABAP Server is an application server for ABAP Advanced Business Application Programming. SAP NetWeaver AS ABAP and ABAP Platform Authentication Error Vulnerability can be exploited by remote attackers to submit special requests, bypass security restrictions, and gain unauthorized...

Cisco 多款产品命令注入漏洞

Cisco Small Business is a switch from Cisco USA. A command injection vulnerability exists in multiple Cisco products and results from incorrect authentication provided to the user. An attacker could exploit this vulnerability to perform command injection in an attack on an affected device. The...

Dell EMC iDRAC9 Authentication Error Vulnerability

Dell EMC iDRAC9 is a system management solution comprising hardware and software from Dell USA. The solution provides remote management, crash system recovery and power control for Dell PowerEdge systems. An authentication error vulnerability exists in Dell EMC iDRAC9 versions prior to 4.40.00.00...

Oracle Coherence Input Validation Error Vulnerability (CNVD-2021-33847)

Oracle Coherence is an application from Oracle Corporation. It provides fast access to frequently used data to enable predictable scaling of mission-critical applications. Oracle Coherence Core 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 suffers from an Input Authentication Error...

Oracle Coherence 输入验证错误漏洞

Oracle Coherence is an application from Oracle Corporation. It provides fast access to frequently used data to enable predictable scaling of mission-critical applications. Oracle Coherence Core 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 suffers from an Input Authentication Error...

Bitdefender Safepay Access Control Error Vulnerability

Bitdefender SafePay is a secure browser. The Access Control Error vulnerability, which previously existed in Bitdefender Safepay version 25.0.7.29, stems from an Authentication Error vulnerability in Bitdefender Safepay, which can be exploited by an attacker to manipulate the browser's file uploa...

The vulnerability of Huawei AR3200 router’s micro-programming software, related to authentication errors, allows attackers to escalate their privileges.

The vulnerability of Huawei AR3200 router’s micro-programming software is related to authentication errors. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

iOS Enrollment - Remote Management on DEP devices: Your credentials are either missing or wrong. Try again

When authenticating in Remote Management page the AD user cannot authenticate. Then it gets an error message: Your credentials are either missing or wrong. Try again...

360 F5 Input Validation Error Vulnerability

The 360 F5 is a smartphone device from the Chinese company 360. The 360F5 3.1.3.64296 and lower suffers from an Input Authentication Error vulnerability that stems from a specific illegal 802.11 Null Data Frame, which causes other wireless terminals to disconnect from the wireless connection in...

PT-2020-5611 · Apple · Icloud +6

Name of the Vulnerable Software and Affected Versions: Apple iCloud versions prior to 7.19 and prior to 11.2 Apple iTunes versions prior to 12.10.7 Apple Safari versions prior to 13.1.1 Apple iPadOS versions prior to 13.5 Apple iPhoneOS versions prior to 13.5 Apple tvOS versions prior to 13.4.8...

PrestaShop Authorization Issues Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. PrestaShop suffers from an authorization issue vulnerability that originates from an...

docker-engine docker-cli security update

docker-engine 19.03.11-1.0.0 - update to 19.03.11 for CVE-2020-13401 19.03.1-1.0.0 - update to 19.03.1 19.03-0.0.1 - update to 19.03 18.09.1-1.0.6 - disable kmem accounting for UEKR4 18.09.1-1.0.5 - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 18.09.1-1.0.4 - fix...

CVE-2020-13998

Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintaine...

The vulnerability of the Astra Linux Directory service’s EPPT management system, related to improper authorization, allows a perpetrator to access confidential data and also trigger a service failure.

The vulnerability of the Astra Linux Directory Service Management System ALD is related to an authentication error for local users. Exploiting this vulnerability can allow attackers to access confidential data and also cause service failures...

The vulnerability of the class-wp-rest-posts-controller function in the WordPress content management system, related to insecure privilege management, allows attackers to compromise data integrity.

The vulnerability of the class-wp-rest-posts-controller function in the WordPress content management system is related to an authentication error that allowed users to mark messages as fixed through the REST API. Exploiting this vulnerability could enable a malicious actor to compromise data...