168 matches found
PT-2024-19327 · WordPress · Kali Forms
Name of the Vulnerable Software and Affected Versions: Contact Form builder with drag & drop for WordPress – Kali Forms versions 2.3.36 and earlier Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This vulnerability affects the Contact Form...
PT-2024-15664 · Idmsistemas · Qsige
Name of the Vulnerable Software and Affected Versions: QSige affected versions not specified Description: The issue is related to the omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This allows an attacker to extract sensitive information fr...
The vulnerability of the intermediate installation process for microprogramming software on the SIMATIC CN 4100 allows a intruder to gain access to the system and obtain full control over the application.
The vulnerability of the intermediate installation process for microprogrammed communication gateway software SIMATIC CN 4100 relates to bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to remotely gain access to the system and gain full...
PT-2024-5348 · Qualcomm · Qualcomm Microprogram +1
Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform software affected versions not specified Description: The issue is related to memory corruption that occurs while processing a key blob passed by the user. This can potentially allow an attacker to execute arbitrary...
PT-2023-23995 · Unknown · Woocommerce Bookings
Name of the Vulnerable Software and Affected Versions: WooCommerce Bookings versions 1.15.78 and earlier Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This allows for potential unauthorized access. Recommendations: For versions 1.15.78 and...
PT-2023-9735 · Fortinet · Fortiportal
Name of the Vulnerable Software and Affected Versions: Fortinet FortiPortal versions 7.0.0 through 7.0.3 Description: The issue is related to an authorization bypass through a user-controlled key, allowing an authenticated attacker to interact with resources of other organizations via HTTP or HTT...
Vulnerabilities fixed in FortiNet FortiOS and FortiProxy
FortiNet has fixed vulnerabilities in FortiOS and FortiProxy. A malicious party could exploit the vulnerabilities to execute arbitrary execute arbitrary code on the vulnerable system, or under specific circumstances to take over a user's session. The vulnerability with attribute CVE-2023-33308...
PT-2023-22718
Name of the Vulnerable Software and Affected Versions TMT Lockcell versions prior to 15 Description The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability, which allows for Authentication Abuse and Authentication Bypass. Recommendations For versions prior to 15,...
CBOT Chatbot 安全漏洞
CBOT Chatbot is an AI-powered real-time chat solution from CBOT. A security vulnerability exists in CBOT Chatbot Core prior to v4.0.3.4, Panel prior to v4.0.3.7, which stems from a vulnerability that allows token emulation, privilege abuse, and authorization bypass by a user-controlled key...
Ideasoft E-commerce Platform 安全漏洞
Ideasoft E-commerce Platform is an open source e-commerce platform from Ideasoft. A security vulnerability exists in Ideasoft E-commerce Platform versions prior to 23.05, which stems from a vulnerability in Rental Module that allows an attacker to bypass authorization via a controlled user key...
SUSE CVE-2006-1522
The sysaddkey function in the keyring code in Linux kernel 2.6.16.1 and 2.6.17-rc1, and possibly earlier versions, allows local users to cause a denial of service OOPS via keyctl requests that add a key to a user key instead of a keyring key, which causes an invalid dereference in the...
SUSE CVE-2017-5460
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...
PT-2022-28100 · Unknown · Usememos/Memos
Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1 Description: The issue is related to an Authorization Bypass Through User-Controlled Key, which can lead to Improper Authentication. This allows unauthorized access, potentially compromising the security...
USN-5690-1 libxdmcp vulnerability
It was discovered that libXdmcp was generating weak session keys. A local attacker could possibly use this issue to perform a brute force attack and obtain another user's key...
CVE-2020-15343
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zyinstalluserkey API...
CVE-2021-46249
An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps...
Bachmann Electronic All M-Base Controllers 加密问题漏洞
Bachmann Electronic All M-Base Controllers is a controller system from Bachmann, Germany, used to control networks. A cryptographic issue vulnerability exists in Bachmann Electronic All M-Base Controllers that stems from not properly using the relevant cryptographic algorithms, resulting in...
Nextcloud: Improper integrity protection of server-side encryption keys
The public keys used for the server-side encryption are not integrity-protected. These can easily replaced by anyone who has access to the data-at-rest data even when the per-user-keys are enabled, as described in https://nextcloud.com/security/threat-model/. This holds true for all key types -...
CVE-2017-5460
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...
Mozilla: Use-after-free in frame selection (MFSA 2017-11, MFSA 2017-12)
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...