17 matches found
Updated cockpit packages fix security vulnerabilities
CVE-2026-4631: Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects...
CVE-2023-43016
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154...
EUVD-2011-2664
Malware in sbrugna...
EUVD-2024-47900
Malicious code in bioql PyPI...
CVE-2002-2036
Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to log in as another user by running dtlogin from a system that supports the XDMCP client...
CVE-2024-23733
The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before CoreFix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the...
IBM Maximo Asset Management Access Control Error Vulnerability
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines (IBM). The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...
CyberPower PowerPanel Business Edition Code Issue Vulnerability
Cyber Power Systems CyberPower PowerPanel Business Edition is a suite of power management software from Cyber Power Systems, USA. The software automates the shutdown of physical and virtual infrastructures and monitors and manages CyberPower UPS systems and network-connected PDUs Power Distributi...
Priva TopControl Suite Security Vulnerability
Priva TopControl Suite is a suite from Priva Netherlands. A security vulnerability exists in Priva TopControl Suite prior to version 8.7.8.0, which stems from the presence of a Secure Shell (SSH) credentials deciphering vulnerability that could allow an attacker to compute login credentials and log...
CHYUI Authorization Issue Vulnerability
The CHIYU BF-430 is a networking server that provides communication for access control, time and attendance systems, and other devices from Chiyu Technology (Chiyu) of Taiwan, China. A security vulnerability exists in various CHIYU products, which stems from the fact that the remote login...
Cisco Nexus 9000 Series Switches NX-OS Software Denial of Service Vulnerability
Cisco Nexus 9000 Series Switches are 9000 series switches from Cisco, USA. A denial of service vulnerability exists in the remote login feature of the Cisco NX-OS Software in Cisco Nexus 9000 Series Switches. A remote attacker could exploit the vulnerability by sending a special request to...
CVE-2017-6343
The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the...
Cisco Mobility Services Engine sshd_config Trust Management Vulnerability
Cisco Mobility Services Engine (MSE) is a platform from Cisco that provides Wi-Fi services. The platform collects, stores and manages data from wireless clients, Cisco access points and controllers. A security vulnerability exists in the default configuration of sshd_config ...
PicketLink: Lack of validation for the Destination attribute in a Response element in a SAML assertion
A flaw was found in the way PicketLink's Service Provider (SP) and Identity Provider (IdP) handled certain requests. The SP and IdP in PicketLink before 2.7.0 do not ensure that the Destination attribute in a Response element in the SAML assertion matches the location from which the message was...
sb-sql.txt
Remote Login Bypass SQL Injection Vulnerability admin.php AYYILDIZ.ORG Presents. SchoolBoard http://free-php-scripts.net/download.php?id=120 author : iLker Kandemir mynet.com Tnx : h0tturk,ekin0x,Dr.Max Virus,Gencnesil,Gencturk,Ajann Vulnerable; /admin.php...
CVE-2002-2036
Sun Ray Server Software (SRSS) 1.3 with Non-Smartcard Mobility (NSCM) enabled is affected. The issue allows remote attackers to log in as another user by running dtlogin on a system with XDMCP client support, indicating a network-exposed authentication bypass via XDMCP/X11 components. The core de...
CVE-2002-1884
index.php in Py-Membres 3.1 allows remote attackers to log in as an administrator by setting the pymembs parameter to "admin"...