5 matches found
FileBrowser Quantum: Password Protection Not Enforced on Shared File Links
Summary When users share password-protected files, the recipient can completely bypass the password and still download the file. Details This happens because the API returns a direct download link in the details of the share, which is accessible to anyone with JUST THE SHARE LINK, even without th...
Password Bypass
moodle/moodle is vulnerable to Password Bypass. The vulnerability is due to loose comparison in the password-checking logic, allowing certain "magic hash" values to bypass password restrictions...
in flatcore/flatcore-cms
Description Use of incorrect operator == and != for pagepsw Proof of Concept If my actual page password is 240610708 then an attacker can key in QLTHNDT because: md5240610708 = 0e462097431906509019562988736854 md5QLTHNDT = 0e405967825401955372549139051580 And PHP will evaluate...
CVE-2021-37172
A vulnerability has been identified in SIMATIC S7-1200 CPU family incl. SIPLUS variants V4.5.0. Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication an...
CVE-1999-1257
Xyplex terminal server 6.0.1S1, and possibly other versions, allows remote attackers to bypass the password prompt by entering 1 a CTRL-Z character, or 2 a ? question mark...