Lucene search
K

284 matches found

Hacker One
Hacker One
added 2016/03/17 7:14 a.m.25 views

Gratipay: csrf_token cookie don't have the flag "HttpOnly"

As the researcher @kuskumar pointed out, the cookie csrftoken doesn't have the HttpOnly flag. While it is often seen as bad practice to leave cookies without this flag since they are likely to be stolen via XSS, our session cookie has this flag set, making impersonation harder. Regarding csrftoke...

6.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/02/02 12:0 a.m.0 views

AlienVault OSSIM Arbitrary Command Injection

An arbitrary command injection vulnerability has been reported in AlienVault OSSIM. The vulnerability is due to insufficient validation of the password. A remote, authenticated attacker can exploit this vulnerability by sending maliciously crafted input to the affected server...

4AI score
Exploits0
Packet Storm
Packet Storm
added 2014/12/13 12:0 a.m.35 views

Humhub Insecure Password Validation / Reset

Humhub insecure password validation and reset design + Discovered by: Jos Wetzels + Affects: Humhub password == $this-hashPassword$password Here a hash of the user-supplied password gets compared to the stored hash in an insecure manner, since PHP's loose type comparison operators compare only...

0.2AI score
Exploits0
NVD
NVD
added 2014/11/28 3:59 p.m.18 views

CVE-2014-8424

ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication...

7.8CVSS6.6AI score0.59617EPSS
Exploits4References1
PyPA
PyPA
added 2014/09/30 2:55 p.m.7 views

PYSEC-2014-75

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation...

4.3CVSS7.1AI score0.00933EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2014/09/30 2:55 p.m.27 views

PYSEC-2014-75

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation...

4.3CVSS5.5AI score0.00933EPSS
Exploits0References6
Cvelist
Cvelist
added 2014/09/30 2:0 p.m.29 views

CVE-2012-5507

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation...

6.5AI score0.00933EPSS
Exploits0References5
Prion
Prion
added 2014/04/17 2:55 p.m.20 views

Design/Logic Flaw

The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relie...

4.3CVSS7.1AI score0.02818EPSS
Exploits5References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/11/27 12:0 a.m.269 views

MySQL Server COM_CHANGE_USER Command Security Bypass

The installed version of MySQL may be affected by a security bypass vulnerability because the salt used during password validation does not change when switching users with the 'COMCHANGEUSER' command. Additionally, the connection is not reset when invalid credentials are submitted. Normally, whe...

4CVSS7.4AI score0.11413EPSS
Exploits2References2
securityvulns
securityvulns
added 2013/10/05 12:0 a.m.66 views

APPLE-SA-2013-10-03-1 OS X v10.8.5 Supplemental Update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-10-03-1 OS X v10.8.5 Supplemental Update OS X v10.8.5 Supplemental Update is now available and addresses the following: Directory Services Available for: OS X Mountain Lion v10.8 to v10.8.5 Impact: A local user may modify Directory...

6.6CVSS6.3AI score0.00375EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/10/04 12:0 a.m.34 views

Mac OS X 10.8 < 10.8.5 Supplemental Update

The remote host is running a version of Mac OS X 10.8 that is missing the OS X v10.8.5 Supplemental Update. This update fixes a logic issue in verification of authentication credentials by Directory Services, which could otherwise allow a local attacker to bypass password validation. TRUSTED...

6.6CVSS5.5AI score0.00375EPSS
Exploits0References4
myhack58
myhack58
added 2013/04/09 12:0 a.m.15 views

9 1 Panda desktop app lock bypass vulnerability-vulnerability warning-the black bar safety net

Brief description: 9 1 Panda desktop app lock after setting the password can be bypassed. Detailed description: ! SIRI, open the application to bypass the vulnerability, for example,“open QQ”, you can bypass the password validation Vulnerability proof: SIRI, open the application to bypass the...

1.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/03/09 12:0 a.m.20 views

Ubuntu 9.10 : grub2 vulnerability (USN-868-1)

It was discovered that GRUB 2 did not properly validate passwords. An attacker with physical access could conduct a brute-force attack and bypass authentication by submitting a 1 character password. Note that Tenable Network Security has extracted the preceding description block directly from the...

7.2CVSS5.3AI score0.00571EPSS
Exploits1References2
NVD
NVD
added 2012/08/13 8:55 p.m.12 views

CVE-2012-2368

Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote attackers to gain access to email accounts via an arbitrary password...

5CVSS7AI score0.01504EPSS
Exploits1References4
Prion
Prion
added 2012/08/13 8:55 p.m.14 views

Default credentials

Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote attackers to gain access to email accounts via an arbitrary password...

5CVSS7.6AI score0.01504EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2012/08/13 8:0 p.m.18 views

CVE-2012-2368

Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote attackers to gain access to email accounts via an arbitrary password...

7AI score0.01504EPSS
Exploits1References4
CVE
CVE
added 2012/08/13 8:0 p.m.36 views

CVE-2012-2368

Bytemark Symbiosis prior to Revision 1322 is vulnerable: it does not properly validate passwords, allowing remote attackers to access email accounts with arbitrary passwords. A fix is available in Revision 1322; systems should update to that revision or apply provided mitigations as per linked ad...

5CVSS7.2AI score0.01504EPSS
Exploits1References4Affected Software1
exploitpack
exploitpack
added 2012/05/29 12:0 a.m.8 views

WinRadius Server 2009 - Denial of Service

WinRadius Server 2009 - Denial of Service Title: WinRadius Server Denial Of Service Vulnerability Software : WinRadius Software Version : v2009 Vendor: http://www.elite-school.com/saas/WinRadius/ Vulnerability Published : 2012-05-27 Vulnerability Update Time : Status : Impact : MediumCVSS2 Base :...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2012/05/29 12:0 a.m.35 views

WinRadius Server 2009 - Denial of Service

Title: WinRadius Server Denial Of Service Vulnerability Software : WinRadius Software Version : v2009 Vendor: http://www.elite-school.com/saas/WinRadius/ Vulnerability Published : 2012-05-27 Vulnerability Update Time : Status : Impact : MediumCVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P Bug...

7AI score
Exploits0
seebug.org
seebug.org
added 2012/04/29 12:0 a.m.17 views

正方教务管理系统web端补考成绩录入漏洞

简要描述: web端成绩录入可绕过密码验证录入补考成绩。 详细说明: 此漏洞与 WooYun: 正方教务管理系统web端成绩录入漏洞 类似。 web端在进行成绩录入时可以通过直接将动态页面从jscjmm.aspx修改为xfjsbkcjlr.aspx进行绕过,只要具有教师的登录权限,不需要验证成绩录入密码即可直接进入成绩的录入和提交页面。 我写了一个脚本用于测试我所在学校的教师账户,发现有几百个教师账户仍旧使用默认账户密码,如果通过此漏洞将造成巨大影响,我也准备将所收集的资料上报校方处理。 漏洞证明: 此漏洞与 WooYun: 正方教务管理系统web端成绩录入漏洞 类似,就不再截图证明了。...

7.1AI score
Exploits0
Rows per page
Query Builder