286 matches found
DoraCMS Security Vulnerability
DoraCMS is a software application. A content management system written on Nodejs + eggjs + mongodb. A security vulnerability exists in DoraCMS version v2.1.8, which originates from reusing the same code to validate a valid username and password. An attacker could exploit the vulnerability to gain...
ROS-20230913-02
Nextcloud server vulnerability is related to improper access control. Exploitation of the vulnerability could allow an attacker acting remotely to access files within a subfolder of an accessible group folder, even if extended permissions block access to the subfolder. of a group folder, even if...
CVE-2023-4816
A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On SSO with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action Accept, Release, and Clear for another user and...
CVE-2023-4816
A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On SSO with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action Accept, Release, and Clear for another user and...
Input validation
A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On SSO with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action Accept, Release, and Clear for another user and...
CVE-2023-4816
A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On SSO with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action Accept, Release, and Clear for another user and...
CVE-2023-4816
CVE-2023-4816 affects Hitachi Energy Asset Suite (Asset Suite 9) with SSO/password validation. A authenticated user can perform an Equipment Tag Out holder action (Accept, Release, Clear) for another user and enter an arbitrary password in the confirmation dialog; the system will still execute th...
PT-2023-5834 · Unknown · Asset Suite Eam
Name of the Vulnerable Software and Affected Versions: Asset Suite EAM versions affected versions not specified Description: A vulnerability exists in the Equipment Tag Out authentication when configured with Single Sign-On SSO and password validation. This issue allows an authenticated user to...
social-media-skeleton 安全漏洞
social-media-skeleton is an unfinished social media project implemented in php, css, javascript and html by the individual developer of fobybus. A security vulnerability exists in social-media-skeleton prior to version 1.0.5, which stems from validating password policies only on the client-side...
Nextcloud Access Control Error Vulnerability
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. An access control error vulnerability exists in Nextcloud Server that stems from a lack of password validation...
CVE-2023-36131
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter...
Availability Booking Calendar PHP Security Vulnerability
Availability Booking Calendar PHP is an open source availability booking calendar system by GZ Scripts. A security vulnerability exists in Availability Booking Calendar version 5.0, which stems from incorrect validation of password parameter input and vulnerability to incorrect access control...
CVE-2023-33561
Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords...
CVE-2023-33561
Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords...
UBUNTU-CVE-2023-3326
pamkrb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket tgt from the Kerberos KDC Key Distribution Center over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pamkrb5 has no way to validate...
CVE-2023-1524
The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any fil...
Default credentials
The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any fil...
CVE-2023-1524 Download Manager < 3.2.71 - Broken Access Controls
The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any fil...
CVE-2023-1524
The CVE-2023-1524 issue affects the WordPress Download Manager plugin prior to version 3.2.71. According to multiple sources, the vulnerability is an improper access control: during password validation a master key is generated and exposed to the user, which can be used to download any password‑p...
PT-2023-17052 · WordPress · Download Manager
Name of the Vulnerable Software and Affected Versions: Download Manager WordPress plugin versions prior to 3.2.71 Description: The issue concerns inadequate password validation for password-protected files. When a password is validated, a master key is generated and exposed to the user. This mast...