168 matches found
CVE-2021-21020
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources...
Apache ActiveMQ Authorization Issues Vulnerability
Apache ActiveMQ is a set of open source messaging middleware from the Apache Foundation (United States), which supports Java messaging services, clustering, Spring Framework and so on. An authorization issue vulnerability exists in the Apache ActiveMQ LDAP login module, which stems from an...
Vulnerabilities fixed in Apache ActiveMQ
Vulnerabilities have been fixed in Apache ActiveMQ. The vulnerabilities allow a malicious party to bypass authentication. Bypassing authentication is only possible when the optional LDAP login module is used. Apache has released updates to fix the vulnerability. More information can be...
CVE-2021-26117
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid user's password in error...
Design/Logic Flaw
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid user's password in error...
UBUNTU-CVE-2021-26117
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid user's password in error...
CVE-2021-26117
CVE-2021-26117 describes an LDAP authentication weakness in the optional ActiveMQ LDAP login module where anonymous access can bypass password verification. Connected sources confirm affected lines: Apache ActiveMQ Artemis prior to 2.16.0 and Apache ActiveMQ prior to 5.16.1 and 5.15.14. Debian/Ub...
CVE-2021-26117
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid user's password in error...
PT-2020-16109 · Cmsuno · Cmsuno
Name of the Vulnerable Software and Affected Versions: CMSuno version 1.6.2 Description: The issue allows an attacker to inject malicious PHP code as a username while changing their username and password. After the attacker logs in to the application, their code will be executed, enabling an...
Local File Inclusion
contao/core-bundle is vulnerable to local file inclusion. Insert tags can be injected into the login module which will be replaced when the page is rendered. This could potentially allow for arbitrary code execution when an attacker is able to upload a malicious file to the server...
Insert tag injection in the Contao login module
Impact: It is possible to inject insert tags into the login module which will be replaced when the page is rendered. Patches: Update to Contao 4.8.6. Workarounds: None. References: https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module For more information: If you have any...
GHSA-JC43-QRRP-98F5 Insert tag injection in the Contao login module
Impact: It is possible to inject insert tags into the login module which will be replaced when the page is rendered. Patches: Update to Contao 4.8.6. Workarounds: None. References: https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module For more information: If you have any...
CVE-2019-19714
Contao 4.8.4 and 4.8.5 have Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...
CVE-2019-19714
Contao 4.8.4 and 4.8.5 have Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...
Design/Logic Flaw
Contao 4.8.4 and 4.8.5 have Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...
CVE-2019-19714
Contao CVE-2019-19714 affects Contao CMS 4.8.4 and 4.8.5, where improper encoding/escaping in the login module allows injection of insert tags that are replaced during page rendering. This is due to insufficient output encoding in the login module, with the advised remediation to upgrade to Conta...
CVE-2019-19714
Contao 4.8.4 and 4.8.5 have Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...
Insert tag injection in the login module
More info at https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module.html...
Insert tag injection in the login module
More info at https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module.html...
Insert tag injection in the login module
Date: 2019-12-17. CVE ID: CVE-2019-19714. Description: It is possible to inject insert tags into the login module which will be replaced when the page is rendered. Affected versions: Contao 4.8.4 and 4.8.5. Suggested solution: Update to Contao 4.8.6...