168 matches found
Nusiorung CMS 2016 SQL Injection
Document Title: Nusiorung CMS 2016 - Login Auth Bypass Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1875. Release Date: 2016-07-13. Vulnerability Laboratory ID (VL-ID): 1875...
Vulnerability in the Apache ActiveMQ software platform that allows an attacker to bypass the authentication process
A vulnerability in the LDAPLoginModule and Java Authentication and Authorization Service components of the Apache ActiveMQ software platform stems from deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass the authentication process ...
Authentication flaw
The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL...
WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability
Document Title: WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1614. Release Date: 2015-10-07. Vulnerability Laboratory ID (VL-ID): 1614...
Joomla CMS 'login' Module XSS Vulnerability
Joomla is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:joomla:joomla";...
Joomla! CMS 3.4.3 Cross Site Scripting
Exploit Title: Joomla! CMS 3.4.0-3.4.3 XSS Vulnerability. Date: 2015-08-18. Exploit Author: cfreer & 0keeteam. Vendor Homepage: http://joomla.org. Version: 3.4.0 through 3.4.3. Tested on: Apache/2.4.7 Win32. CVE: CVE-2015-6939. Description: Inadequate escaping leads to XSS vulnerabilit...
Joomla! CMS 3.4.3 Cross Site Scripting Vulnerability
Joomla! CMS versions 3.4.0 through 3.4.3 suffer from a cross site scripting vulnerability. Exploit Title: Joomla! CMS 3.4.0-3.4.3 XSS Vulnerability. Date: 2015-08-18. Exploit Author: cfreer & 0keeteam. Vendor Homepage: http://joomla.org. Version: 3.4.0 through 3.4.3. Tested on:...
Cross-Site Scripting Vulnerability in Joomla!
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. login is one of its login modules. A cross-site scripting vulnerability exists in the login module in Joomla! 3.4.x versions prior to 3.4.4. A remote attacker can exploit...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Joomla! -- Core - XSS Vulnerability
The JSST and the Joomla! Security Center report: 20150908 - Core - XSS Vulnerability Inadequate escaping leads to XSS vulnerability in login module...
Apache ActiveMQ Java Authentication and Authorization Service Certificate Acquisition Vulnerability
Apache ActiveMQ is open source messaging middleware developed by the Apache Software Foundation in the United States; it supports Java messaging services, clustering, the Spring Framework and so on. In Apache ActiveMQ 5.x versions before 5.10.1, the Java Authentication and Authorization...
UBUNTU-CVE-2015-6524
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-361...
DEBIAN-CVE-2014-3612
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier...
[20150908] - Core - XSS Vulnerability
Inadequate escaping leads to XSS vulnerability in login module...
Vulnerability in the SolarWinds Firewall Security Manager distributed network access control system that allows an attacker to elevate privileges and execute arbitrary code within the client session.
A vulnerability in the userlogin.jsp module of the SolarWinds Firewall Security Manager distributed network access control system allows a malicious actor to escalate their privileges and execute arbitrary code within the client session...
Security: Wrong security context loaded when using SAML2 STS Login Module
It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the...
Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.1.0 update
Red Hat JBoss BRMS 6.1.0, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores,...
RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.3.3 update (Moderate) (RHSA-2015:0216)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0216 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that t...
Apache ActiveMQ LDAP Authentication Bypass Vulnerability
Apache ActiveMQ is an open source message bus and a JMS Provider implementation that supports the JMS 1.1 and J2EE 1.4 specifications. Apache ActiveMQ can be configured to work with LDAP servers that support unauthenticated authentication mechanisms. A vulnerability in the LDAPLoginModule implementation provided b...
BibORB 1.3.2 Login Module Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/12583/info BibORB is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can be exploited by a remote attacker to carry out cross-site scripting, HTML...