61 matches found
CVE-2020-7856
A vulnerability in Helpcom could allow an unauthenticated attacker to execute arbitrary commands. This vulnerability exists due to insufficient authentication validation...
CVE-2021-26905
CVE-2021-26905: Affects 1Password SCIM Bridge prior to 1.6.2. The component mishandles validation of authenticated requests for log files, allowing exposure of the TLS private key. Remediation: upgrade to 1.6.2 or later. No exploitation details are provided in the sources; vulnerability context i...
Security Bulletin: Apache ActiveMQ Vulnerability Affects IBM Control Center (CVE-2020-13920)
Summary: Apache ActiveMQ is vulnerable to a man-in-the-middle attack. Vulnerability Details: CVEID: CVE-2020-13920. DESCRIPTION: Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper authentication validation when connecting to the JMX RMI registry. By creating another serv...
CVE-2021-22171
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link...
PT-2021-14886 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 11.5 and later. Description: The issue is related to insufficient validation of authentication parameters in GitLab Pages, allowing an attacker to steal a victim's API token if they click on a maliciously crafted link...
Security Bulletin: Apache Shiro as used by Master Console is vulnerable to improper access control (CVE-2020-13933)
Summary: Apache Shiro as used by Master Console is vulnerable to improper access control. Vulnerability Details: CVEID: CVE-2020-13933. DESCRIPTION: Apache Shiro could allow a remote attacker to bypass security restrictions, caused by improper authentication validation. By sending a specially-crafte...
CVE-2020-15787
A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a...
CVE-2020-4662
IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to improper authentication validation. IBM X-Force ID: 186233...
CVE-2013-3215
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function...
GHSA-24R8-FM9R-CPJ2 Low severity vulnerability that affects com.linecorp.armeria:armeria
Multiple timing attack vulnerabilities leading to the recovery of secrets based on the use of a non-constant time compare function. Impact: String comparison methods in multiple authentication validations in Armeria were known to be vulnerable to timing attacks. This vulnerability is caused by the...
CVE-2018-0886
The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows a remote code...
Trend Micro Control Manager sCloudService GetPassword SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetPassword method, which is called by the sCloudService servlet. The...
Git-hub Remote Code Execution Vulnerability (CNVD-2016-09528)
GitHub is a hosting platform for open source and private software projects. A remote code execution vulnerability exists in GitHub because the repository name handling does not adequately validate authentication, which an attacker can exploit to execute arbitrary code...
ManageEngine Applications Manager < 12710 Multiple Vulnerabilities - Active Check
ManageEngine Applications Manager is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Cisco Firepower 9000 Series Unauthenticated Web Page Vulnerability
A vulnerability in the web interface of the Cisco Firepower 9000 device could allow an unauthenticated, remote attacker to access a web page that should be restricted. The vulnerability is due to improper authentication validation. An attacker could exploit this vulnerability by accessing a certa...
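PageAdmin: multiple design flaws allow getshell
Brief description: as per the title. Detailed description: text3 = now.AddSecondsdoublerandom.Next3600, 86164.ToString"yyyyMMddHHmmss"; masterlogin.imMAPgbr7QUplCu6n3ehttpCookie.Add"Valicate", masterlogin.sxW4jRbFsutFEAxed8Smd, text3; After the administrator logs in successfully, SetCookie takes the login time plus a random number of seconds between (3600, 86164) and runs GetMd5 on the result. public string GetMd5string s MD5 mD = new...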
PT-2014-7217 · Red Hat +3 · Ceph +3
Name of the Vulnerable Software and Affected Versions: Ceph versions prior to 3.16.3, Linux kernel versions prior to 3.16.3. Description: The issue is related to the improper validation of auth replies in the net/ceph/auth_x.c component. This can be exploited by remote attackers using crafted data...
NullLogic Groupware <= 1.2.7 Multiple Vulnerabilities - Linux
NullLogic Groupware is prone to multiple vulnerabilities. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...