168 matches found

NVD
added 2014/05/29 2:19 p.m. · 16 views

CVE-2013-4178

The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password (OTP)...

CVSS 5 · AI score 6.8 · EPSS 0.01298
Exploits 0 · References 4
Prion
added 2014/05/29 2:19 p.m. · 11 views

Authentication flaw

The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors...

CVSS 5 · AI score 7.5 · EPSS 0.01411
Exploits 0 · References 4 · Affected Software 1
CVE
added 2014/05/29 2:0 p.m. · 37 views

CVE-2013-4178

CVE-2013-4178 affects the Google Authenticator login module for Drupal (6.x-1.x prior to 6.x-1.2; 7.x-1.x prior to 7.x-1.4). The issue allows remote attackers to gain access by replaying a login request containing username, password, and OTP. Affected versions are explicit; Drupal core is not aff...

CVSS 5 · AI score 7 · EPSS 0.01298
Exploits 0 · References 4 · Affected Software 1
Vulnerability Lab
added 2013/10/15 12:0 a.m. · 37 views

Zikula CMS v1.3.5 - Multiple Web Vulnerabilities

Document Title: Zikula CMS v1.3.5 - Multiple Web Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1114. Release Date: 2013-10-15. Vulnerability Laboratory ID (VL-ID): 1114. Comm...

AI score 7.1
Exploits 0
CVE
added 2013/03/27 9:0 p.m. · 52 views

CVE-2013-0258

The CVE-2013-0258 entry concerns the Drupal ga_login module (Drupal 7.x) prior to 7.x-1.3, where multi-factor authentication is enabled but an attacker can bypass login by using a username if no Google Authenticator token is associated with the account. The root cause is a flawed authentication b...

CVSS 6.8 · AI score 6.9 · EPSS 0.01394
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2013/03/12 12:0 a.m. · 3 views

PT-2013-1816 · Red Hat · Red Hat Jboss Enterprise Application Platform +1

Name of the Vulnerable Software and Affected Versions: JBoss Enterprise Application Platform EAP versions 4.3.0 CP10 through 6.0.1 JBoss Enterprise Web Platform EWP version 5.2.0 Description: The default configuration of the LdapLoginModule and LdapExtLoginModule modules allows remote attackers t...

CVSS 7.5 · AI score 5.8 · EPSS 0.02344
Exploits 0 · References 12
RedHat Linux
added 2013/02/04 11:33 p.m. · 1 views

JBoss: allows empty password to authenticate against LDAP

The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password...

CVSS 7.5 · AI score 5.9 · EPSS 0.02344
Exploits 0 · References 4
RedHat Linux
added 2013/02/04 11:20 p.m. · 2 views

JBoss: allows empty password to authenticate against LDAP

The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password...

CVSS 7.5 · AI score 5.9 · EPSS 0.02344
Exploits 0 · References 4
RedHat Linux
added 2013/01/31 7:31 p.m. · 2 views

JBoss: CallerIdentityLoginModule retaining password from previous call if a null password is provided

The CallerIdentityLoginModule in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's...

CVSS 4 · AI score 6.2 · EPSS 0.02685
Exploits 0 · References 4
RedHat Linux
added 2013/01/24 6:52 p.m. · 4 views

JBoss: CallerIdentityLoginModule retaining password from previous call if a null password is provided

The CallerIdentityLoginModule in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's...

CVSS 4 · AI score 6.2 · EPSS 0.02685
Exploits 0 · References 4
RedHat Linux
added 2013/01/24 6:31 p.m. · 2 views

JBoss: CallerIdentityLoginModule retaining password from previous call if a null password is provided

The CallerIdentityLoginModule in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's...

CVSS 4 · AI score 6.2 · EPSS 0.02685
Exploits 0 · References 4
myhack58
added 2012/12/29 12:0 a.m. · 24 views

PHPDrive privilege elevation vulnerability and the Fix-vulnerability warning-the black bar safety net

PHPDrive is set to run in the PHP environment file management system, can be applied to a network disk, enterprise document management, schools, team management, software, file, CMS, etc. includes/user.lib.php Row 8 7 function getip ifisset$SERVER"HTTPXFORWARDEDFOR"&&$SERVER"HTTPXFORWARDEDFOR" $i...

AI score 7.2
Exploits 0
NVD
added 2012/10/31 4:55 p.m. · 16 views

CVE-2012-4489

Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter...

CVSS 5.8 · AI score 6.6 · EPSS 0.01481
Exploits 1 · References 7
Prion
added 2012/10/31 4:55 p.m. · 8 views

Open redirect

Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter...

CVSS 5.8 · AI score 7.1 · EPSS 0.01481
Exploits 1 · References 7 · Affected Software 1
CVE
added 2012/10/31 4:0 p.m. · 34 views

CVE-2012-4489

CVE-2012-4489 describes an open redirect in Drupal’s Secure Login module (7.x-1.x) prior to 7.x-1.3, via the q parameter in securelogin_secure_redirect. An unauthenticated user could lure victims to phishing sites by supplying a malicious redirect URL. Supported by NVD entry and multiple vendor r...

CVSS 5.8 · AI score 6.9 · EPSS 0.01481
Exploits 1 · References 7 · Affected Software 1
Drupal
added 2011/10/12 12:0 a.m. · 9 views

SA-CONTRIB-2011-048 - Certificate Login SQL Injection

The Certificate login module provides client certificate authentication of Drupal users. The authentication is based on the client certificate's data fields, which are then used as the user name for authentication. The obtained data isn't properly sanitized using Drupal's database API, which may...

AI score 8.3
Exploits 0 · References 9
OpenVAS
added 2011/02/23 12:0 a.m. · 28 views

IBM WebSphere Application Server (WAS) Security Bypass Vulnerability

The host is running IBM WebSphere Application Server and is prone to security bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodibmwassecbypassvuln.nasl 7044 2017-09-01 11:50:59Z teissa $ IBM WebSphere Application Server WAS Security Bypass Vulnerability Authors: Antu Sanadi Copyright:...

CVSS 4.3 · AI score 6.5 · EPSS 0.00971
Exploits 0 · References 1
OpenVAS
added 2011/02/23 12:0 a.m. · 21 views

IBM WebSphere Application Server 6.1.0.9 Security Bypass Vulnerability

IBM WebSphere Application Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 4.3 · AI score 6.4 · EPSS 0.00971
Exploits 0 · References 1
Cvelist
added 2011/02/14 11:0 p.m. · 18 views

CVE-2011-1032

IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors...

AI score 6.4 · EPSS 0.01442
Exploits 0 · References 5
Packet Storm
added 2010/06/25 12:0 a.m. · 15 views

2daybiz Web Template Software Cross Site Scripting / SQL Injection

2daybiz - The Web Template Software SQL and XSS vulnerability. Author: Sangteamtham. Home: Hcegroup.net. Download: http://www.2daybiz.com/webtemplatesoftware.html. Date...

Exploits 0