Astra Linux - vulnerability in opensc
A flaw was discovered in OpenSC packages that could allow for a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length PIN is passed. This issue poses a security risk, especially for OS...
EUVD-2008-1269
Malware in sbrugna...
EUVD-2022-5106
Malicious code in bioql PyPI...
EUVD-2022-28462
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-6625
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not...
CVE-2022-46650
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page...
Cross-site Scripting (XSS)
TYPO3 is vulnerable to Cross-site Scripting XSS. The vulnerability is due to failing to properly encode user input in the login status display in the website frontend, requiring a valid user account either backend or frontend to exploit...
GHSA-8C25-VJ2W-P72J TYPO3 Cross-Site Scripting in Frontend User Login
Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile. Template...
Glassdoor: Cross-Site Leakage of Review Ownership via Navigation Detection
A vulnerability allowed detection of user login status by exploiting differences in Cross-Origin-Opener-Policy COOP headers between authenticated and unauthenticated states on the website. The issue was addressed by implementing consistent COOP headers across all domains...
Gnome control center security vulnerability
Gnome control center is a graphical user interface for the GNOME project. It is used to configure all aspects of Gnome. A security vulnerability exists in Gnome control center that stems from an inability to accurately reflect SSH remote login status...
USN-6554-1 gnome-control-center vulnerability
Zygmunt Krynicki discovered that GNOME Settings did not accurately reflect the SSH remote login status when the system was configured to use systemd socket activation for OpenSSH. Remote SSH access may be unknowingly enabled, contrary to expectation...
CVE-2023-40660
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock a...
PT-2023-24381 · Planet Technologies · Wdrt-1800Ax
Name of the Vulnerable Software and Affected Versions: Planet Technologies WDRT-1800AX version v1.01-CP21 Description: The issue allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie. Recommendations: For Planet Technologies WDRT-1800...
SUSE CVE-2016-6625
An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to...
Sierra Wireless AirLink Router Information Disclosure Vulnerability
Sierra Wireless AirLink Router is a series of wireless routers from Sierra. A security vulnerability exists in the Sierra Wireless AirLink Router that stems from the fact that a user with valid ACEManager credentials and access to the ACEManager interface can reconfigure the device so that the...
PT-2023-32217 · Gnome +3 · Gnome-Control-Center +3
Name of the Vulnerable Software and Affected Versions: gnome-control-center affected versions not specified Description: The issue arises when the system is configured to use systemd socket activation for openssh-server, causing gnome-control-center to not properly reflect the SSH remote login...
GHSA-PX42-MR8M-CPGH JBoss KeyCloak Cross-site Scripting Vulnerability
If a JBoss Keycloak application was configured to use as a permitted web origin in the Keycloak administrative console, crafted requests to the login-status-iframe.html endpoint could inject arbitrary Javascript into the generated HTML code via the "origin" query parameter, leading to a cross-sit...
Nagios XI 5.7.x Remote Code Execution
Exploit Title: Nagios XI 5.7.x - Remote Code Execution RCE Authenticated Date: 19/12/2020 Exploit Author: Haboob Team https://haboob.sa Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Version: Nagios XI 5.7.x Tested on: Ubuntu 18.04 / PHP 7.2.24 & Vendor's custom VM CVE: CVE-2020-35578...
Mozilla Firefox Information Disclosure Vulnerability (CNVD-2021-54004)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. Versions prior to Mozilla Firefox 80 and versions prior to Android-based Firefox 80 are vulnerable to an information disclosure vulnerability that could be exploited by an attacker to obtain the login status of ...
Code injection
When trying to load a non-video in an audio/video context the exact status code 200, 302, 404, 500, 412, 403, etc. was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status ...