939 matches found
CVE-2018-3854
An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowin...
CVE-2018-3854
CVE-2018-3854 affects Quicken Deluxe 2018 for Mac (v5.2.2). Root cause: a crafted sqlite3 request can remove the password protection by altering the Quicken data file (e.g., deleting a ZDOCUMENTPROPERTY row), leading to information disclosure and data modification without the password. Exploitati...
PT-2018-16248 · Quicken · Quicken Deluxe 2018 For Mac
Name of the Vulnerable Software and Affected Versions: Quicken Deluxe 2018 for Mac version 5.2.2 Description: An information disclosure issue exists in the password protection functionality. A specially crafted sqlite3 request can remove the password protection, allowing access and modification o...
Holiday Scams and Malware Campaigns
As the holidays approach, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to be aware of seasonal scams and malware campaigns. Users should be cautious of unsolicited emails that contain malicious links or attachments with malware, advertisements infected with malware, and...
Siemens SIMATIC STEP 7 Information Disclosure Vulnerability
Siemens SIMATIC STEP 7 TIA Portal is a suite of programming software for SIMATIC controllers from Siemens, Germany. The software provides PLC programming, design option packages and advanced drive technology. A security vulnerability exists in Siemens SIMATIC STEP 7 TIA Portal versions prior to...
Joomla! 1.7.x < 3.8.8 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities: - ACL violation in access levels affects Joomla 2.5.0 through 3.8.7 - Adding phar files to the upload blacklist affects Joomla 2.5.0 through 3.8.7 - Information Disclosure abo...
Nextcloud Server Improper Access Control Checking Vulnerability
Nextcloud is a set of client-server software for creating file hosting services and using them. An improper access control checking vulnerability exists in versions of Nextcloud Server prior to 14.0.0, which can be exploited by an unauthenticated, remote attacker via the publicpreview.php functio...
Session fixation
A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares...
Default credentials
A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password...
CVE-2018-16464
A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password...
CVE-2018-16463
A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares...
CVE-2018-16464
CVE-2018-16464 affects Nextcloud Server prior to 14.0.0. A missing access check could allow continued access to password-protected link shares after the owner changes the password, enabling unauthorized access to shared resources. Remediation: upgrade to Nextcloud Server 14.0.0 or apply vendor ad...
Session fixation on public share page (NC-SA-2018-013)
A bug causing session fixation could potentially allow an attacker to obtain access to password protected shares...
Improper authentication on public shares (NC-SA-2018-012)
A missing access check could lead to continued access to password protected link shares when the owner had changed the password...
Shopify: H1514 [*.(my)shopify.com] - Viewing Password Protected Content
Hi guys! When administering a shop, the owner has the ability to preview his shop with various themes. When previewing, a unique link is generated, which the owner can share with various people without any authentication. The generation of that unique link does not require authentication, which...