Lucene search
+L

24 matches found

redhatcve
redhatcve
added 2026/01/09 10:10 a.m.5 views

CVE-2019-11187

Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...

9.8CVSS7AI score0.01749EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2018-1921

Malware in sbrugna...

6.1CVSS6.5AI score0.46323EPSS
Exploits0References6
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-5652

Malware in sbrugna...

6.5CVSS7.8AI score0.01022EPSS
Exploits0References4
euvd
euvd
added 2025/10/07 12:30 a.m.11 views

EUVD-2019-2891

Malware in sbrugna...

9.8CVSS9.2AI score0.01749EPSS
Exploits0References4
nessus
nessus
added 2025/08/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000528

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting XSS vulnerability in change password form...

6.1CVSS7AI score0.46323EPSS
Exploits0References2
nessus
nessus
added 2025/08/24 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2019-11187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the...

9.8CVSS8.1AI score0.01749EPSS
Exploits0References2
nvd
nvd
added 2019/12/31 6:15 p.m.26 views

CVE-2019-14466

The GOsaFilterSettings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions in the context of the user account that runs the web server via a crafted cookie value, because unserialize is used to restore...

6.5CVSS6.1AI score0.01022EPSS
Exploits0References2
osv
osv
added 2019/12/31 6:15 p.m.3 views

DEBIAN-CVE-2019-14466

The GOsaFilterSettings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions in the context of the user account that runs the web server via a crafted cookie value, because unserialize is used to restore...

6.5CVSS7AI score0.01022EPSS
Exploits0References1
prion
prion
added 2019/12/31 6:15 p.m.19 views

Design/Logic Flaw

The GOsaFilterSettings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions in the context of the user account that runs the web server via a crafted cookie value, because unserialize is used to restore...

5.5CVSS6.3AI score0.01022EPSS
Exploits0References2Affected Software2
ubuntucve
ubuntucve
added 2019/12/31 6:15 p.m.37 views

CVE-2019-14466

The GOsaFilterSettings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions in the context of the user account that runs the web server via a crafted cookie value, because unserialize is used to restore...

6.5CVSS7AI score0.01022EPSS
Exploits0References5
nvd
nvd
added 2019/08/15 5:15 p.m.18 views

CVE-2019-11187

Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...

9.8CVSS9.5AI score0.01749EPSS
Exploits0References2
osv
osv
added 2019/08/15 5:15 p.m.8 views

CVE-2019-11187

Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...

9.8CVSS9.5AI score
Exploits0References2
prion
prion
added 2019/08/15 5:15 p.m.15 views

Improper access control

Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...

7.5CVSS9.4AI score0.01749EPSS
Exploits0References2Affected Software2
ubuntucve
ubuntucve
added 2019/08/15 5:15 p.m.22 views

CVE-2019-11187

Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...

9.8CVSS7.2AI score0.01749EPSS
Exploits0References2
cvelist
cvelist
added 2019/08/15 4:21 p.m.27 views

CVE-2019-11187

Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...

7.9AI score0.01749EPSS
Exploits0References2
cve
cve
added 2019/08/15 4:21 p.m.93 views

CVE-2019-11187

CVE-2019-11187 concerns the GOsa LDAP class in GONICUS GOsa up to 2019-04-11, where an incorrect access-control flaw can allow login to any account whose username contains the case-insensitive substring “success” when an arbitrary password is provided. The issue is described as an authorization b...

9.8CVSS7.8AI score0.01749EPSS
Exploits0References2Affected Software1
debiancve
debiancve
added 2019/08/15 4:21 p.m.31 views

CVE-2019-11187

Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...

9.8CVSS9.5AI score0.01749EPSS
Exploits0
nvd
nvd
added 2018/06/26 4:29 p.m.14 views

CVE-2018-1000528

GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting XSS vulnerability in change password form html/password.php, 308 that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open ...

6.1CVSS6.3AI score0.46323EPSS
Exploits0References4
osv
osv
added 2018/06/26 4:29 p.m.22 views

CVE-2018-1000528

GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting XSS vulnerability in change password form html/password.php, 308 that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open ...

6.1CVSS6.3AI score
Exploits0References4
prion
prion
added 2018/06/26 4:29 p.m.24 views

Cross site scripting

GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting XSS vulnerability in change password form html/password.php, 308 that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open ...

4.3CVSS6.3AI score0.46323EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder