
4419 matches found

RedHat Linux
added 2024/07/30 8:52 a.m., 5 views

freeradius: forgery attack

A vulnerability in the RADIUS Remote Authentication Dial-In User Service protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

9 CVSS, 7.2 AI score, 0.22162 EPSS
Exploits 2, References 10
Positive Technologies
added 2024/07/27 12:0 a.m., 5 views

PT-2024-5229 · Tightvnc · Tightvnc

Name of the Vulnerable Software and Affected Versions: TightVNC Server for Windows versions prior to 2.8.84 Description: The issue is related to the Control Pipe Handler component of the TightVNC remote desktop access system, which allows attackers to bypass the authentication procedure by using ...

9.1 CVSS, 7.6 AI score, 0.05755 EPSS
Exploits 3, References 8
Positive Technologies
added 2024/07/25 12:0 a.m., 5 views

PT-2024-20483 · Softaculous · Softaculous Webuzo

Name of the Vulnerable Software and Affected Versions: Softaculous Webuzo affected versions not specified Description: The issue is related to a command injection vulnerability in the FTP management functionality. This allows a remote, authenticated attacker to exploit the vulnerability and gain...

9 CVSS, 7.8 AI score, 0.02134 EPSS
Exploits 0, References 6
Vulnrichment
added 2024/07/24 8:0 p.m., 12 views

CVE-2024-41133 Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as...

7.2 CVSS, 7.6 AI score, 0.0073 EPSS
Exploits 0, References 1
RedHat Linux
added 2024/07/24 1:27 p.m., 3 views

freeradius: forgery attack

A vulnerability in the RADIUS Remote Authentication Dial-In User Service protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

9 CVSS, 7.2 AI score, 0.22162 EPSS
Exploits 2, References 10
RedHat Linux
added 2024/07/24 1:19 p.m., 5 views

freeradius: forgery attack

A vulnerability in the RADIUS Remote Authentication Dial-In User Service protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

9 CVSS, 7.2 AI score, 0.22162 EPSS
Exploits 2, References 10
The Hacker News
added 2024/07/09 12:39 p.m., 62 views

RADIUS Protocol Vulnerability Exposes Networks to MitM Attacks

Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle MitM attacks and bypass integrity checks under certain circumstances. "The RADIUS protocol allo...

8.8 AI score, 0.22162 EPSS
Exploits 2
Packet Storm
added 2024/07/03 12:0 a.m., 203 views

Deep Sea Electronics DSE855 Remote Authentication Bypass

Deep Sea Electronics DSE855 Remote Authentication Bypass Vendor: Deep Sea Electronics plc Product web page: https://www.deepseaelectronics.com Affected version: Model: DSE855 Software version: 1.0.26 Module version: 1.0.78 Bootloader version: 1.0.3 Firmware version: 1.1.0 Summary: The DSE855...

6.5 CVSS, 7.1 AI score, 0.74043 EPSS
Exploits 3
Zero Science Lab
added 2024/07/03 12:0 a.m., 327 views

Deep Sea Electronics DSE855 Remote Authentication Bypass

Summary The DSE855 communications device allows monitoring of a single DSE controller with USB connectivity over a LAN or WAN connection. To achieve this the DSE855 utilises its in-built web server or MODBUS TCP. In order to use over a LAN connection the on-site router must be configured to be...

6.5 CVSS, 6.5 AI score, 0.74043 EPSS
Exploits 3
0day.today
added 2024/07/03 12:0 a.m., 440 views

Deep Sea Electronics DSE855 Remote Authentication Bypass Vulnerability

Deep Sea Electronics DSE855 is vulnerable to configuration disclosure when direct object reference is made to the Backup.bin file using an HTTP GET request. This will enable an attacker to disclose sensitive information and help her in authentication bypass, privilege escalation, and full system...

6.5 CVSS, 6.7 AI score, 0.74043 EPSS
Exploits 3
Positive Technologies
added 2024/06/21 12:0 a.m., 2 views

PT-2024-5381 · Omnivise · Omnivise T3000 R8.2 Sp3 +2

Name of the Vulnerable Software and Affected Versions: Omnivise T3000 Application Server R9.2 All versions Omnivise T3000 R8.2 SP3 All versions Omnivise T3000 R8.2 SP4 All versions Description: The issue is related to insufficient input validation, which can be exploited by a remote attacker to...

9.8 CVSS, 7.7 AI score, 0.01313 EPSS
Exploits 3, References 6
Positive Technologies
added 2024/06/18 12:0 a.m., 1 views

PT-2024-27945 · Ibm · Ibm Storage Protect For Virtual Environments

Name of the Vulnerable Software and Affected Versions: IBM Storage Protect for Virtual Environments: Data Protection for VMware versions 8.1.0.0 through 8.1.22.0 Description: The issue is caused by improper validation of user permission, allowing a remote authenticated attacker to bypass security...

7.7 CVSS, 6.6 AI score, 0.00006 EPSS
Exploits 0, References 7
OSV
added 2024/06/14 3:15 p.m., 5 views

CVE-2024-37368

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without...

7.5 CVSS, 5.8 AI score, 0.00138 EPSS
Exploits 0, References 1
Tenable Nessus
added 2024/06/03 12:0 a.m., 14 views

RHEL 5 : freeradius (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - freeradius: Out-of-bounds write in radcoalesce CVE-2017-10979 - modules/rlmunix/rlmunix.c in FreeRADIUS...

9.8 CVSS, 7.2 AI score, 0.19916 EPSS
Exploits 0, References 9
NVD
added 2024/05/28 7:15 p.m., 9 views

CVE-2023-43848

Incorrect access control in the firewall management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter local firewall settings of the device as if they were the administrator via HTTP POST request...

8 CVSS, 6.2 AI score, 0.00788 EPSS
Exploits 1, References 1
Cvelist
added 2024/05/28 6:16 p.m., 12 views

CVE-2023-43842

Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter user and administrator accounts credentials via HTTP POST request...

6.4 AI score, 0.00788 EPSS
Exploits 1, References 1
CNNVD
added 2024/05/15 12:0 a.m., 1 views

Paperless-ngx Security Vulnerability

Paperless-ngx is a document management system from paperless-ngx open source. A security vulnerability exists in Paperless-ngx versions 2.5.0 through 2.8.6, which stems from remote user authentication allowing API access even when API access is explicitly disabled...

5.5 CVSS, 7 AI score, 0.00564 EPSS
Exploits 0, References 5
Positive Technologies
added 2024/05/15 12:0 a.m., 4 views

PT-2024-26365 · Unknown · Paperless-Ngx

Name of the Vulnerable Software and Affected Versions: Paperless-ngx versions 2.5.0 through 2.8.5 Description: The issue concerns remote user authentication in a document management system, allowing API access even when API access is explicitly disabled. Recommendations: For versions 2.5.0 throug...

5.5 CVSS, 7.5 AI score, 0.00564 EPSS
Exploits 0, References 6
OSV
added 2024/05/14 3:38 p.m., 2 views

CVE-2024-33771

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via goform/formWPS, allows remote authenticated users to trigger a denial of service DoS through the parameter "webpage."...

6.5 CVSS, 7.6 AI score
Exploits 0, References 1
Tenable Nessus
added 2024/05/11 12:0 a.m., 18 views

RHEL 5 : krb5 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - krb5: Automatic sec context deletion could lead to double-free CVE-2017-11462 - The processdbargs functio...

6.3 AI score, 0.10203 EPSS
Exploits 0, References 4