34 matches found
GeoVision GV-VMS Buffer Error Vulnerability
GeoVision GV-VMS is a video management system software developed by GeoVision Corporation in China. The GeoVision GV-VMS V20 20.0.2 version contains a buffer error vulnerability. This vulnerability stems from the sscanf function in the WebCam Server login feature, which does not limit the size of...
CVE-2026-39912
V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the loginwithmaillinkenable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receiv...
EUVD-2009-1947
Malware in sbrugna...
EUVD-2009-0399
Malware in sbrugna...
EUVD-2010-4923
Malware in sbrugna...
EUVD-2018-8434
Malware in sbrugna...
EUVD-2014-5987
Malware in sbrugna...
EUVD-2013-2298
Malware in sbrugna...
EUVD-2022-3887
Malicious code in bioql PyPI...
EUVD-2022-4284
Malicious code in bioql PyPI...
CVE-2023-2257
Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented "Force Login" securi...
CVE-2023-0522
The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
Authentication flaw
Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented "Force Login" securi...
CVE-2021-3844
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session...
SUSE CVE-2020-12063
A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character. This is potentially relevant when the /etc/postfix/senderlogin feature is used, because a spoofe...
apinto-dashboard Cross-Site Scripting Vulnerability
apinto-dashboard is an open-source visual UI project by eolinker. apinto-dashboard has a security vulnerability that stems from some unknown features of the login; the operation of the parameter callback leads to cross-site scripting...
e-Excellence U-Office Force Input Validation Error Vulnerability
e-Excellence U-Office Force is an e-Office platform from China-based First Class Technology e-Excellence. U-Office Force suffers from an input validation error vulnerability that stems from its login feature that allows a remote attacker to implement an open redirect that would redirect users to ...
Mealie Security Vulnerability
Mealie is a self-hosted recipe manager and meal planner by an individual developer in Hayden, USA. A security vulnerability exists in Mealie v1.0.0beta-2, which stems from a login feature that allows an attacker to enumerate existing usernames by timing the server's response time...
Improper Restriction of Excessive Authentication Attempts in login feature
Description: No rate limiting in login form leads to brute-force attack. Steps to reproduce: 1. Go to http://localhost:/login 2. Log in with wrong credentials 3. Capture POST request with Burp Suite and send to Intruder 4. Create 100 null payloads and start attack 5. Noticed that all requests return 200...
SUSE-SU-2021:0127-1 Security update for open-iscsi
This update for open-iscsi fixes the following issues: - Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc1179908, including: uip: check for TCP urgent pointer past end of frame; uip: check for u8 overflow when processing TCP options; uip: check for header length underflow during checksum...