Lucene search
+L

571 matches found

nessus
nessus
added 2024/07/23 12:0 a.m.58 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache ActiveMQ vulnerabilities (USN-6910-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6910-1 advisory. Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain commands. A remote attacker could possibly...

10CVSS7.3AI score0.99654EPSS
Exploits33References7
nvd
nvd
added 2024/06/29 10:15 p.m.35 views

CVE-2024-39848

Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web Service...

9.1CVSS0.00438EPSS
Exploits0References1
cve
cve
added 2024/06/29 12:0 a.m.70 views

CVE-2024-39848

CVE-2024-39848 affects Internet2 Grouper prior to 5.6 and Grouper for Web Services prior to 4.13.1. The issue is an authentication bypass when LDAP authentication is used in certain ways, linked to WsGrouperLdapAuthentication and the use of a hard-coded UyY29r password for the M3vwHr account. Imp...

9.1CVSS7AI score0.00438EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/06/29 12:0 a.m.10 views

PT-2024-28699 · Internet2 · Grouper For Web Services +1

Name of the Vulnerable Software and Affected Versions: Internet2 Grouper versions prior to 5.6 Grouper for Web Services versions prior to 4.13.1 Description: The issue allows authentication bypass when LDAP authentication is used in certain ways. This is related to the...

9.1CVSS7.7AI score0.00438EPSS
Exploits0References3
freebsd
freebsd
added 2024/06/27 12:0 a.m.9 views

security/openvpn-auth-ldap -- Fix buffer overflow in challenge/response

Graham Northup reports: A buffer overflow in extractopenvpncr allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this field and cause a buffer overflow...

6.3CVSS7.5AI score0.00421EPSS
Exploits0References1
nvd
nvd
added 2024/05/29 1:15 p.m.28 views

CVE-2024-25976

When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the...

6.1CVSS6.4AI score0.00604EPSS
Exploits1References3
cve
cve
added 2024/05/29 12:22 p.m.83 views

CVE-2024-25976

The CVE-2024-25976 entry refers to HAWKI (HAWK Digital Environments)—a university teaching interface. When LDAP authentication is enabled, the application reflects the value of $_SERVER['PHP_SELF'] in login.php, enabling reflected XSS that allows arbitrary JavaScript execution in the victim’s bro...

6.1CVSS6.5AI score0.00604EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2024/05/29 12:22 p.m.13 views

CVE-2024-25976 Reflected Cross-Site-Scripting (XSS)

When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the...

6.6AI score0.00604EPSS
Exploits1References3
cvelist
cvelist
added 2024/05/29 12:22 p.m.34 views

CVE-2024-25976 Reflected Cross-Site-Scripting (XSS)

When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the...

6.4AI score0.00604EPSS
Exploits1References3
osv
osv
added 2024/05/29 12:22 p.m.21 views

CVE-2024-25976 Reflected Cross-Site-Scripting (XSS)

When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the...

6.1CVSS6.3AI score0.00604EPSS
Exploits1References6
packetstorm
packetstorm
added 2024/05/28 12:0 a.m.376 views

HAWKI 1.0.0-beta.1 XSS / File Overwrite / Session Fixation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: HAWKI Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany vulnerable version: 1.0.0-beta.1,...

7.4AI score0.00604EPSS
Exploits1
nvd
nvd
added 2024/05/23 10:15 p.m.32 views

CVE-2024-5227

TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability...

7.5CVSS8AI score0.0071EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/05/23 9:55 p.m.12 views

CVE-2024-5227 TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability

TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability...

7.5CVSS8AI score0.0071EPSS
Exploits0References1
cvelist
cvelist
added 2024/05/23 9:55 p.m.28 views

CVE-2024-5227 TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability

TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability...

7.5CVSS8AI score0.0071EPSS
Exploits0References1
zdi
zdi
added 2024/05/23 12:0 a.m.26 views

(Pwn2Own) TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are only vulnerable if configured to use a PPTP VPN with LDAP authentication. The...

7.5CVSS7.5AI score0.0071EPSS
Exploits0References1
ibm
ibm
added 2024/05/07 7:59 p.m.64 views

Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.

Summary Common vulnerabilities reported in Cloudera Data Platform Private Cloud Base 7.1.9 have been addressed, and are available in Hotfix 2. Vulnerability Details CVEID:CVE-2015-1772 DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by an error in th...

9CVSS9.9AI score0.53861EPSS
Exploits2Affected Software1
nvd
nvd
added 2024/03/22 3:15 p.m.12 views

CVE-2024-29865

Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form...

5.4CVSS6.8AI score0.00307EPSS
Exploits0References1
cvelist
cvelist
added 2024/03/22 12:0 a.m.14 views

CVE-2024-29865

Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form...

7AI score0.00307EPSS
Exploits0References1
osv
osv
added 2024/03/06 11:4 a.m.17 views

BIT-PARSE-2020-26288 Parse Server stores password in plain text

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping...

7.7CVSS6.8AI score0.00796EPSS
Exploits0References5
f5
f5
added 2024/03/05 4:10 a.m.44 views

K000138814: OpenLDAP vulnerability CVE-2023-2953

Security Advisory Description A vulnerability was found in openldap. This security flaw causes a null pointer dereference in bermemallocx function. CVE-2023-2953. Impact This vulnerability may result in low system memory leading to failure in LDAP authentication. Security Advisory Status F5 Produ...

7.5CVSS6.7AI score0.01947EPSS
Exploits0Affected Software15
Rows per page
Query Builder