12 matches found
rm-oneview-poc
RM OneView — Proof of Concept A working POC of the Relationsh...
MinIO LDAP login brute-force via user enumeration and missing rate limit
Impact: MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error responses that enable username enumeration, and (2) absence ...
CVE-2025-13953
Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory LDAP login method. Authentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data...
CVE-2025-13953
CVE-2025-13953 describes a bypass of the authentication method in the GTT Tax Information System (GTT Sistema de Información Tributario) due to improper validation of data received over a local WebSocket used for LDAP-based login. The root cause is insufficient verification of authenticity/origin...
CVE-2025-27912
An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or (2) when username/password or Active Directory authentication is in use and a...
PT-2024-40396 · Ez Systems · Ez Publish Legacy
Name of the Vulnerable Software and Affected Versions: eZ Publish Legacy (affected versions not specified). Description: The issue concerns a failure of the standard login handler to verify passwords correctly in certain configurations, potentially allowing unauthorized access. This can occur in...
DaaS Studio: An error occurred while contacting the Delivery Controller failed with unknown Error(0)
Access to DaaS Web Studio and Director is not possible with Azure AD login when Palo Alto is in use. Error "An error occurred while contacting the Delivery Controller. Accessing https://.xendesktop.net/citrix/orchestration/api/techpreview/me failed with 'unknown Error' 0. Accessing the URL...
Vulnerabilities fixed in Apache ActiveMQ
Vulnerabilities have been fixed in Apache ActiveMQ. The vulnerabilities allow a malicious party to bypass authentication. Bypassing authentication is only possible when the optional LDAP login module is used. Apache has released updates to fix the vulnerability. More information can be...
DEBIAN-CVE-2021-26117
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid user's password in error...
Apache ActiveMQ Authorization Issue Vulnerability
Apache ActiveMQ is an open source messaging middleware from the Apache Foundation (United States) that supports Java messaging services, clustering, the Spring Framework, and so on. An authorization issue vulnerability exists in the Apache ActiveMQ LDAP login module, which stems from an...
Error: The trust relationship between this workstation and the primary domain failed
Users cannot log on to a system using Active Directory credentials and the following error message appears: "The trust relationship between this workstation and the primary domain failed." This issue is seen when the session logon is attempted through Remote Desktop Protocol, ICA, or directly at...
VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0007) (remote check)
The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities: - Multiple forgery vulnerabilities exist in the bundled version of MIT Kerberos 5 (krb5). An attacker can exploit these issues to impersonate a client, escalate privileges...