320 matches found
Gitblit External Authentication Providers未明验证绕过漏洞
Bugtraq ID:66324 Gitblit是一个纯Java库用来管理、查看和处理Git资料库。 相关Gitblit的External Authentication Providers存在错误,允许拥有合法用户名的攻击者利用漏洞绕过验证,进行未授权操作。 0 Gitblit 1.x Gitblit 1.4.1已经修复该漏洞,建议用户下载更新: http://gitblit.com...
CVE-2013-4435
Salt aka SaltStack 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...
UBUNTU-CVE-2013-4435
Salt aka SaltStack 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...
Authentication flaw
Salt aka SaltStack 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...
CVE-2013-4435
Salt aka SaltStack 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...
CVE-2013-4435
Salt aka SaltStack 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...
CVE-2013-0521: IBM Sterling External Authentication Server self-signed certificate
IBM Sterling External Authentication Server is affected by CVE-2013-0521 due to the Webstart GUI being signed with a self-signed certificate, causing browsers to not recognize authenticity and potentially enabling attacks via untrusted code execution. The IBM bulletin lists affected SEAS versions...
Ruckus ZoneDirector authentication bypass
Unauthorized access if external authentication protocol is configured...
CVE-2013-0514: IBM Sterling External Authentication Server information disclosure
IBM Sterling External Authentication Server (SEAS) is affected by CVE-2013-0514 (information disclosure on error) and CVE-2013-0517 (OS command execution). The 0514 issue can leak product details during error handling; 0517 enables a local attacker with admin access to execute arbitrary OS comman...
Fedora Update for perl-RT-Authen-ExternalAuth FEDORA-2012-11360
Check for the Version of perl-RT-Authen-ExternalAuth OpenVAS Vulnerability Test Fedora Update for perl-RT-Authen-ExternalAuth FEDORA-2012-11360 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Redirect that works in 2.9 is broken in later Confluence versions
Adding a .jsp containing the following code will work in 2.9, but produces an exception in 2.10 when a parameter such as osdestination is supplied: code code Example URL: http://localhost:8080/confluence/login2.jsp?osdestination=%2Fdashboard.action Typical exception: quote...
Redirect that works in 2.9 is broken in later Confluence versions
Adding a .jsp containing the following code will work in 2.9, but produces an exception in 2.10 when a parameter such as osdestination is supplied: code code Example URL: http://localhost:8080/confluence/login2.jsp?osdestination=%2Fdashboard.action Typical exception: quote...
Redirect that works in 2.9 is broken in later Confluence versions
Adding a .jsp containing the following code will work in 2.9, but produces an exception in 2.10 when a parameter such as osdestination is supplied: code code Example URL: http://localhost:8080/confluence/login2.jsp?osdestination=%2Fdashboard.action Typical exception: quote...
Business Objects WebIntelligence 6.5x Account Lockout and System DoS
Computer Sciences Corporation Security Advisory December 14, 2005 Summary: CSC have discovered an issue that could impact upon the availability and security of servers operating Business Objects WebIntelligence software. If a remote malicious attacker is able to access authentication mechanisms...
CVE-1999-1481
Squid 2.2.STABLE5 and earlier versions are affected when using external authentication. A newline in the user/password pair can bypass access controls, enabling unauthorized access. The available documents confirm the affected software and the bypass condition but do not provide remediation detai...
CVE-1999-1558
CVE-1999-1558 describes a vulnerability in the loginout component of Digital OpenVMS 7.1 and earlier where unauthorized access is possible when external authentication is enabled. The CVSS v2 base score is 7.5 (HIGH) with network attack vector, low attack complexity, and partial impact to confide...
CVE-1999-1558
Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows unauthorized access when external authentication is enabled...
CVE-1999-1481
Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair...
squid.exploit.txt
Holla, since some people asked how to exploit the squid bug, I send a description along. Assumptions: 1. You use plain squid-2.2-STABLE5 or below. Also, external authentification is active using a some external authentication program, which basically follows the implementation guidelines given on...
CVE-1999-1558
Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows unauthorized access when external authentication is enabled...