Lucene search
K

82 matches found

Positive Technologies
Positive Technologies
added 2022/02/06 12:0 a.m.5 views

PT-2022-15700 · Servisnet · Servisnet Tessa

Name of the Vulnerable Software and Affected Versions: Servisnet Tessa version 0.0.2 Description: An issue was discovered where authorization data is available via an unauthenticated request to the "/data-service/users/" API endpoint. Recommendations: For Servisnet Tessa version 0.0.2, consider...

10CVSS9.4AI score0.14058EPSS
Exploits4References7
Prion
Prion
added 2021/05/13 8:15 a.m.22 views

Design/Logic Flaw

Specific versions of the MongoDB C Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser",...

3.5CVSS5.3AI score0.00623EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/06/19 7:15 p.m.16 views

Authorization

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data...

6.4CVSS9.1AI score0.01125EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/07/18 12:0 a.m.9 views

The vulnerability of the krb_parse_authz_data function in the SnAuthRPC module of the Secret Net Studio security system allows a hacker to trigger a service failure.

The vulnerability of the krbparseauthzdata function in the SnAuthRPC module of the Secret Net Studio security system is related to buffer overflow attacks. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...

2.2CVSS5.9AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/07/18 12:0 a.m.7 views

The vulnerability of the krb_parse_authz_data function in the SnAuthRPC module of the Secret Net Studio security system allows a hacker to trigger a service failure.

The vulnerability of the krbparseauthzdata function in the SnAuthRPC module of the Secret Net Studio security system is related to the lack of checks for the execution of the memory allocation command. Exploitation of this vulnerability could allow a malicious actor to cause service failures...

2.2CVSS5.7AI score
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2019/07/08 12:0 a.m.9 views

PT-2019-5406 · Red Hat · Openshift Container Platform

Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7, openshift-enterprise-3.9 through 3.11 Description: A reflected XSS issue exists in the authorization flow, allowing an attacker to steal...

5.4CVSS4.4AI score0.00876EPSS
Exploits0References8
CNVD
CNVD
added 2018/12/03 12:0 a.m.4 views

PHP-Proxy Weak Encryption Vulnerability

PHP-Proxy is a web-based proxy script featuring fast, easy customization and the ability to provide support for complex websites such as YouTube and Facebook. A weak encryption vulnerability in the strrotpass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy versions 5.1.0 and...

7.5CVSS6.6AI score0.01132EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/12/01 12:0 a.m.20 views

CVE-2018-19784

The strrotpass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion...

7.3AI score0.01132EPSS
Exploits1References2
GitLab Advisory Database
GitLab Advisory Database
added 2018/12/01 12:0 a.m.36 views

Inadequate Encryption Strength

The strrotpass function in PHP-Proxy uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion...

7.5CVSS4AI score0.01132EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/12/01 12:0 a.m.43 views

CVE-2018-19784

The CVE-2018-19784 entry concerns PHP-Proxy 5.1.0, where the str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php uses weak cryptography. This weak crypto can allow an attacker to compute the authorization data needed for a local file inclusion (LFI). The issue is documented acros...

7.5CVSS7.3AI score0.01132EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2015/02/18 2:59 a.m.23 views

CVE-2015-1356

Siemens SIMATIC STEP 7 TIA Portal before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file...

4.4CVSS6.7AI score0.00512EPSS
Exploits0References1
Prion
Prion
added 2015/02/18 2:59 a.m.15 views

Authorization

Siemens SIMATIC STEP 7 TIA Portal before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file...

4.4CVSS7.2AI score0.00512EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2015/02/18 2:0 a.m.16 views

CVE-2015-1356

Siemens SIMATIC STEP 7 TIA Portal before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file...

6.7AI score0.00512EPSS
Exploits0References1
CVE
CVE
added 2015/02/18 2:0 a.m.53 views

CVE-2015-1356

Siemens SIMATIC STEP 7 TIA Portal (pre-13 SP1) stores device user privileges in project files with insufficient integrity protection, enabling modification of authorization data via a manipulated file and leading to privilege escalation. Mitigation: apply Siemens STEP 7 TIA Portal V13 Service Pac...

4.4CVSS6.9AI score0.00512EPSS
Exploits0References1Affected Software1
0day.today
0day.today
added 2014/12/09 12:0 a.m.245 views

Windows Kerberos - Elevation of Privilege (MS14-068) Exploit

Exploit for windows platform in category remote exploits !/usr/bin/python MS14-068 Exploit Author ------ Sylvain Monne Contact : sylvain dot monne at solucom dot fr http://twitter.com/bidord import sys, os from random import getrandbits from time import time, localtime, strftime from kek.ccache...

9CVSS0.4AI score0.87448EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2010/11/18 12:0 a.m.34 views

RHEL 6 : krb5 (RHSA-2010:0863)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2010:0863 advisory. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted...

6.5CVSS7.2AI score0.0304EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/11/10 7:0 p.m.31 views

krb5: KDC uninitialized pointer crash in authorization data handling (MITKRB5-SA-2010-006)

The mergeauthdata function in kdcauthdata.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service daemon crash, or possibly obtain sensitive...

6.5CVSS7AI score0.0304EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2010/10/15 12:0 a.m.25 views

Fedora 14 : krb5-1.8.2-6.fc14 (2010-15803)

This update incorporates the upstream patch to fix an uninitialized pointer crash in the KDC's authorization data handling routines CVE-2010-1322. It also pulls up a few backports and compilation flag changes from F15. Note that Tenable Network Security has extracted the preceding description blo...

6.5CVSS6.8AI score0.0304EPSS
Exploits0References3
OSV
OSV
added 2010/10/07 9:0 p.m.5 views

CVE-2010-1322

The mergeauthdata function in kdcauthdata.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service daemon crash, or possibly obtain sensitive...

7.5AI score0.0304EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2004/07/06 12:0 a.m.26 views

RHEL 2.1 : pam (RHSA-2003:028)

Updated PAM packages are now available. These packages correct a bug in pamxauth's handling of authorization data for the root user. Updated 12 March 2003 Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS The pamxauth module is used to forward xauth information from...

7.2CVSS5.6AI score0.00431EPSS
Exploits0References4
Rows per page
Query Builder