24 matches found
CVE-2019-11187
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...
EUVD-2018-1921
Malware in sbrugna...
EUVD-2019-5652
Malware in sbrugna...
EUVD-2019-2891
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-1000528
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting XSS vulnerability in change password form...
Linux Distros Unpatched Vulnerability : CVE-2019-11187
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the...
CVE-2019-14466
The GOsaFilterSettings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions in the context of the user account that runs the web server via a crafted cookie value, because unserialize is used to restore...
DEBIAN-CVE-2019-14466
The GOsaFilterSettings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions in the context of the user account that runs the web server via a crafted cookie value, because unserialize is used to restore...
Design/Logic Flaw
The GOsaFilterSettings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions in the context of the user account that runs the web server via a crafted cookie value, because unserialize is used to restore...
CVE-2019-14466
The GOsaFilterSettings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions in the context of the user account that runs the web server via a crafted cookie value, because unserialize is used to restore...
CVE-2019-11187
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...
CVE-2019-11187
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...
Improper access control
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...
CVE-2019-11187
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...
CVE-2019-11187
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...
CVE-2019-11187
CVE-2019-11187 concerns the GOsa LDAP class in GONICUS GOsa up to 2019-04-11, where an incorrect access-control flaw can allow login to any account whose username contains the case-insensitive substring “success” when an arbitrary password is provided. The issue is described as an authorization b...
CVE-2019-11187
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...
CVE-2018-1000528
GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting XSS vulnerability in change password form html/password.php, 308 that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open ...
CVE-2018-1000528
GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting XSS vulnerability in change password form html/password.php, 308 that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open ...
Cross site scripting
GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting XSS vulnerability in change password form html/password.php, 308 that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open ...