51 matches found
GHSA-MCQX-WC2J-QX9V GitHub Authentication Plugin session fixation vulnerability
An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...
Vulnerabilities fixed in Python
Red Hat has fixed a vulnerability in Python. The vulnerability allows a remote malicious party to cause a denial-of-service exploit in the HTTP client of the victim. To do so, the malicious party must cause the victim to establish an authentication session with an HTTP server that is under contro...
keycloak-model-infinispan: authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly could lead to a DoS attack
A flaw was found in keycloak-model-infinispan where the authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly. This issue leads to a denial of service...
Privilege escalation
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access...
CVE-2019-10371
A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...
UBUNTU-CVE-2019-2386
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9;...
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Exploit
Exploit for windows platform in category local exploits Windows: LUAFV Delayed Virtualization Cross Process Handle Duplication EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The LUAFV...
CVE-2018-1000602
A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session...
The vulnerability of the software for managing devices in the OnCell Central Manager allows a hacker to gain administrator privileges.
The vulnerability of the login function in the RequestController class of the software tool for managing devices in the OnCell Central Manager network is related to the rigid encoding of registration data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain...
Security update for polkit (important)
Polkit was updated to 0.113 to fix four security issues. The following vulnerabilities were fixed: CVE-2015-4625: a local privilege escalation due to predictable authentication session cookie values. boo935119 CVE-2015-3256: various memory corruption vulnerabilities in use of the JavaScript...
Offline WPS Bruteforce Utility: PixieWPS
Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs pixie dust attack Additional Video: http://video.adm.ntnu.no/pres/549931214e18d Pixiewps requires libssl. To install it: sudo apt-get install libssl-dev Installation:...