Lucene search
K

320 matches found

seebug.org
seebug.org
added 2014/03/25 12:0 a.m.14 views

Gitblit External Authentication Providers未明验证绕过漏洞

Bugtraq ID:66324 Gitblit是一个纯Java库用来管理、查看和处理Git资料库。 相关Gitblit的External Authentication Providers存在错误,允许拥有合法用户名的攻击者利用漏洞绕过验证,进行未授权操作。 0 Gitblit 1.x Gitblit 1.4.1已经修复该漏洞,建议用户下载更新: http://gitblit.com...

7.1AI score
Exploits0
NVD
NVD
added 2013/11/05 6:55 p.m.25 views

CVE-2013-4435

Salt aka SaltStack 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...

6CVSS6.6AI score0.01515EPSS
Exploits0References2
OSV
OSV
added 2013/11/05 6:55 p.m.4 views

UBUNTU-CVE-2013-4435

Salt aka SaltStack 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...

6CVSS5.9AI score0.01515EPSS
Exploits0References5
Prion
Prion
added 2013/11/05 6:55 p.m.13 views

Authentication flaw

Salt aka SaltStack 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...

6CVSS7.2AI score0.01515EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2013/11/05 6:55 p.m.20 views

CVE-2013-4435

Salt aka SaltStack 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...

6CVSS5.9AI score0.01515EPSS
Exploits0References4
Cvelist
Cvelist
added 2013/11/05 6:0 p.m.27 views

CVE-2013-4435

Salt aka SaltStack 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...

6.5AI score0.01515EPSS
Exploits0References2
CVE
CVE
added 2013/06/21 12:0 a.m.15 views

CVE-2013-0521: IBM Sterling External Authentication Server self-signed certificate

IBM Sterling External Authentication Server is affected by CVE-2013-0521 due to the Webstart GUI being signed with a self-signed certificate, causing browsers to not recognize authenticity and potentially enabling attacks via untrusted code execution. The IBM bulletin lists affected SEAS versions...

2.4CVSS7.5AI score
Exploits0References2
securityvulns
securityvulns
added 2013/06/17 12:0 a.m.42 views

Ruckus ZoneDirector authentication bypass

Unauthorized access if external authentication protocol is configured...

3.5AI score
Exploits0References1Affected Software1
CVE
CVE
added 2013/05/03 12:0 a.m.23 views

CVE-2013-0514: IBM Sterling External Authentication Server information disclosure

IBM Sterling External Authentication Server (SEAS) is affected by CVE-2013-0514 (information disclosure on error) and CVE-2013-0517 (OS command execution). The 0514 issue can leak product details during error handling; 0517 enables a local attacker with admin access to execute arbitrary OS comman...

3.7CVSS7.2AI score
Exploits0References2
OpenVAS
OpenVAS
added 2012/08/14 12:0 a.m.20 views

Fedora Update for perl-RT-Authen-ExternalAuth FEDORA-2012-11360

Check for the Version of perl-RT-Authen-ExternalAuth OpenVAS Vulnerability Test Fedora Update for perl-RT-Authen-ExternalAuth FEDORA-2012-11360 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

5CVSS6.4AI score0.01362EPSS
Exploits0References2
Atlassian
Atlassian
added 2009/02/20 12:41 a.m.18 views

Redirect that works in 2.9 is broken in later Confluence versions

Adding a .jsp containing the following code will work in 2.9, but produces an exception in 2.10 when a parameter such as osdestination is supplied: code code Example URL: http://localhost:8080/confluence/login2.jsp?osdestination=%2Fdashboard.action Typical exception: quote...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/02/20 12:41 a.m.20 views

Redirect that works in 2.9 is broken in later Confluence versions

Adding a .jsp containing the following code will work in 2.9, but produces an exception in 2.10 when a parameter such as osdestination is supplied: code code Example URL: http://localhost:8080/confluence/login2.jsp?osdestination=%2Fdashboard.action Typical exception: quote...

1.7AI score
Exploits0
Atlassian
Atlassian
added 2009/02/20 12:41 a.m.17 views

Redirect that works in 2.9 is broken in later Confluence versions

Adding a .jsp containing the following code will work in 2.9, but produces an exception in 2.10 when a parameter such as osdestination is supplied: code code Example URL: http://localhost:8080/confluence/login2.jsp?osdestination=%2Fdashboard.action Typical exception: quote...

1.7AI score
Exploits0Affected Software1
securityvulns
securityvulns
added 2005/12/16 12:0 a.m.30 views

Business Objects WebIntelligence 6.5x Account Lockout and System DoS

Computer Sciences Corporation Security Advisory December 14, 2005 Summary: CSC have discovered an issue that could impact upon the availability and security of servers operating Business Objects WebIntelligence software. If a remote malicious attacker is able to access authentication mechanisms...

0.4AI score
Exploits0
CVE
CVE
added 2002/03/09 5:0 a.m.50 views

CVE-1999-1481

Squid 2.2.STABLE5 and earlier versions are affected when using external authentication. A newline in the user/password pair can bypass access controls, enabling unauthorized access. The available documents confirm the affected software and the bypass condition but do not provide remediation detai...

5CVSS6.9AI score0.03573EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2001/09/12 4:0 a.m.45 views

CVE-1999-1558

CVE-1999-1558 describes a vulnerability in the loginout component of Digital OpenVMS 7.1 and earlier where unauthorized access is possible when external authentication is enabled. The CVSS v2 base score is 7.5 (HIGH) with network attack vector, low attack complexity, and partial impact to confide...

7.5CVSS7.5AI score0.01369EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2001/09/12 4:0 a.m.16 views

CVE-1999-1558

Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows unauthorized access when external authentication is enabled...

6.8AI score0.01369EPSS
Exploits0References3
NVD
NVD
added 1999/12/31 5:0 a.m.16 views

CVE-1999-1481

Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair...

5CVSS6.5AI score0.03573EPSS
Exploits1References4
Packet Storm
Packet Storm
added 1999/11/03 12:0 a.m.29 views

squid.exploit.txt

Holla, since some people asked how to exploit the squid bug, I send a description along. Assumptions: 1. You use plain squid-2.2-STABLE5 or below. Also, external authentification is active using a some external authentication program, which basically follows the implementation guidelines given on...

7.4AI score
Exploits0
NVD
NVD
added 1998/07/16 4:0 a.m.10 views

CVE-1999-1558

Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows unauthorized access when external authentication is enabled...

7.5CVSS0.01369EPSS
Exploits0References3
Rows per page
Query Builder