Lucene search
K

52 matches found

Tenable Nessus
Tenable Nessus
added 2024/01/10 12:0 a.m.221 views

Security Updates for Microsoft .NET Framework (January 2024)

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows: - Denial of service vulnerability in Microsoft .NET Framework. CVE-2023-36042, CVE-2024-21312 - Security feature bypass in...

9.8CVSS7.9AI score0.03578EPSS
Exploits0References28
Veracode
Veracode
added 2023/10/23 3:28 a.m.13 views

Authentication Bypass

github.com/nats-io/nats-server is vulnerable to Authentication Bypass. The vulnerability occurs when the only account added is the system account $SYS. In this scenario, the nats-server creates an implicit user in $G and designates it as the noauthuser account. This effectively enables the same...

6.8AI score
Exploits0
Prion
Prion
added 2023/10/19 11:15 p.m.26 views

Cross site scripting

Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected authcallback=1, which is leveraged by the WebSocket authentication logic in tandem with the state parameter. The state parameter contains the hassUrl, which is...

6CVSS8.7AI score0.00271EPSS
Exploits0References2Affected Software2
GithubExploit
GithubExploit
added 2022/10/31 1:24 p.m.835 views

Exploit for Improper Verification of Cryptographic Signature in Passport-Saml_Project Passport-Saml

Exploiting CVE-2022-39299 Signature bypass via multiple ro...

8.1CVSS8.4AI score0.03025EPSS
Exploits1
Metasploit
Metasploit
added 2022/09/24 7:49 p.m.1350 views

Hikvision IP Camera Unauthenticated Password Change Via Improper Authentication Logic

Many Hikvision IP cameras contain improper authentication logic which allows unauthenticated impersonation of any configured user account. The vulnerability has been present in Hikvision products since 2014. In addition to Hikvision-branded devices, it affects many white-labeled camera products...

9.8CVSS7.2AI score0.99998EPSS
Exploits11
CNVD
CNVD
added 2022/07/15 12:0 a.m.59 views

Samsung CACertificateInfo Elevation of Privilege Vulnerability

Samsung CACertificateInfo is a system component of Samsung Samsung mobile devices.An elevation of privilege vulnerability exists in Samsung CACertificateInfo, which stems from faulty authentication logic in CACertificateInfo. An attacker could exploit this vulnerability to initiate certain...

8.5CVSS5.2AI score0.00083EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/07/12 12:0 a.m.9 views

SAMSUNG Mobile devices 输入验证错误漏洞

Samsung CACertificateInfo is a system component of Samsung Samsung mobile devices.An elevation of privilege vulnerability exists in Samsung CACertificateInfo, which stems from faulty authentication logic in CACertificateInfo. An attacker could exploit this vulnerability to initiate certain...

8.5CVSS5.6AI score0.00083EPSS
Exploits0References2
Hacker One
Hacker One
added 2022/06/20 2:37 p.m.67 views

LinkedIn: Add me email address Authentication bypass

hi, this vulnerability can able to access user account without email verification in linkedins' add me email address function page. user add mail2 email address. without mail2 email address verification user can fully access mail1 linkedin account using mail2 email address. In linkedin mobile...

0.5AI score
Exploits0
CNVD
CNVD
added 2022/04/12 12:0 a.m.95 views

Samsung Security Supporter Access Control Error Vulnerability

Samsung Security Supporter is a Samsung built-in security support from Samsung, Korea.An access control error vulnerability exists in versions prior to Samsung Security Supporter 1.2.40.0, which stems from the presence of faulty access authentication logic. An attacker could exploit this...

4.4CVSS2.2AI score0.00239EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/12 12:0 a.m.47 views

Samsung Flow Access Control Error Vulnerability

Samsung flow is an application for Samsung Samsung mobile devices, a software used to connect Samsung to Win10-based computers for a seamless, secure, and connected experience.An access control error vulnerability exists in versions prior to Samsung Flow 4.8.06.5, which stems from a lack of prope...

5.1CVSS5AI score0.00251EPSS
Exploits0References1
NVD
NVD
added 2022/03/30 8:15 p.m.14 views

CVE-2019-9564

A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32...

9.8CVSS0.01363EPSS
Exploits0References1
0day.today
0day.today
added 2022/02/10 12:0 a.m.396 views

Tokheim Profleet DiaLOG Fuel Management System 11.005.02 SQLi / Code Execution Vulnerabilities

Tokheim Profleet DiaLOG Fuel Management System version 11.005.02 suffers from a remote SQL injection vulnerability that can allow for remote code execution. Exploit Title: Tokheim Profleet DiaLOG Fuel Management System 11.005.02 - SQLi Unauthenticated Exploit Author: golem445 Vendor Homepage:...

10CVSS0.6AI score0.01932EPSS
Exploits3
NVD
NVD
added 2021/10/06 8:15 p.m.18 views

CVE-2021-41129

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a confirmationtoken input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can...

8.1CVSS0.01696EPSS
Exploits0References4
OSV
OSV
added 2021/06/11 4:15 p.m.35 views

CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticateorrequestwithhttptoken or...

7.5CVSS6.8AI score0.04808EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2021/06/11 3:49 p.m.29 views

CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticateorrequestwithhttptoken or...

7.5CVSS6.5AI score0.04808EPSS
Exploits1
CVE
CVE
added 2021/06/11 3:49 p.m.160 views

CVE-2021-22904

CVE-2021-22904 concerns Rails Action Pack/token authentication DoS due to a too-permissive regular expression in Action Controller. Affected component: actionpack Ruby gem (versions before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6). Impact: potential denial of service via crafted requests or headers; no e...

7.5CVSS7.4AI score0.04808EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2021/05/07 7:31 p.m.24 views

CVE-2021-27570

An issue was discovered in Emote Remote Mouse through 3.015. Attackers can close any running process by sending the process name in a specially crafted packet. This information is sent in cleartext and is not protected by any authentication logic...

5.3CVSS0.01387EPSS
Exploits1References2
NVD
NVD
added 2021/05/07 7:31 p.m.18 views

CVE-2021-27569

An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can maximize or minimize the window of a running process by sending the process name in a crafted packet. This information is sent in cleartext and is not protected by any authentication logic...

5.3CVSS0.00637EPSS
Exploits1References2
Prion
Prion
added 2021/05/07 7:31 p.m.18 views

Authentication flaw

An issue was discovered in Emote Remote Mouse through 3.015. Attackers can close any running process by sending the process name in a specially crafted packet. This information is sent in cleartext and is not protected by any authentication logic...

5CVSS5.4AI score0.01387EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/05/07 4:31 p.m.42 views

CVE-2021-27570

CVE-2021-27570 affects Emote Remote Mouse (≤3.015). An attacker can remotely close any running process by sending the process name in a crafted packet. The affected communications are sent in cleartext and lack authentication, enabling network-based exploitation with low complexity and no privile...

5.3CVSS6.4AI score0.01387EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder