freeradius: forgery attack
A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...
CVE-2024-51327
SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields...
Fortinet FortiWeb Multiple vulnerabilities in the authentication mechanism of confd (FG-IR-21-130)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-130 advisory. - Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15,...
PT-2024-27874
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.2 through 7.4.3.111; Liferay DXP versions 2023.Q4.0 through 2023.Q4.5; Liferay DXP versions 2023.Q3.1 through 2023.Q3.8; Liferay DXP 7.4 GA through update 92; Liferay DXP 7.3 GA through update 36. Description: The workflo...
Liferay Portal and Liferay DXP security vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
CVE-2024-10173
A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has be...
PT-2024-16087 · Didi Ddmq · Didi Ddmq
Name of the Vulnerable Software and Affected Versions: didi DDMQ version 1.0 Description: A critical vulnerability has been found in the Console Module component of didi DDMQ, affecting an unknown functionality. The manipulation of the input /;login leads to improper authentication. This issue ca...
Synology Router Manager (SRM) 1.3.x Multiple Vulnerabilities (Synology-SA-24:16) - Remote Known Vulnerable Versions Check
Synology Router Manager (SRM) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
The vulnerability of the Netlogon service in Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the Netlogon service in Windows operating systems is related to deficiencies in the authentication process. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
Synology DiskStation Manager Uncontrolled Search Path Element (CVE-2023-0142)
Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to read or write arbitrary files via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
VulnCheck KEV: CVE-2024-8957
PTZOptics PT30X-SDI/NDI cameras contain an OS command injection vulnerability that allows a remote, authenticated attacker to escalate privileges to root via a crafted payload with the ntpaddr parameter of the /cgi-bin/param.cgi CGI script...
July 9, 2024—KB5040438 (OS Build 25398.1009)
July 9, 2024—KB5040438 (OS Build 25398.1009). For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements: This security update...
Remote Authentication Rate Limiting Bypass
github.com/windmill-labs/windmill is vulnerable to Remote Authentication Rate Limiting Bypass. The vulnerability is due to improper handling of authentication attempts, which fails to restrict excessive attempts, allowing an attacker to exploit excessive authentication attempts remotely, with a...
CVE-2024-43775 Huachu Easytest Online Learning Test Platform - SQL Injection
SQL Injection in the search course titles function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter...
CVE-2024-43774
The CVE concerns Easytest Online Test Platform (versions 24E01 and earlier). The vulnerability is a SQL injection in the download personal learning course function, exploitable via the uid parameter. A remote authenticated attacker could execute arbitrary SQL commands, with potential impact on co...
RLSA-2024:4936 Important: freeradius:3.0 security update
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. Security Fixes: freeradius: forgery attack (CVE-2024-3596). For more details about the security issues...
freeradius:3.0 security update
An update is available for freeradius, module.freeradius. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. FreeRADIUS is a high-performance and highly configurabl...