UBUNTU-CVE-2020-6493
Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
CVE-2020-1631
CVE-2020-1631 is a path traversal/LFI vulnerability in the HTTP/HTTPS J-Web service of Junos OS. An unauthenticated attacker can exploit HTTP(S) to perform local file inclusion, path traversal, or possibly inject commands into httpd.log, read files with world-readable permissions (notably configu...
CVE-2020-5893
In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection...
CVE-2020-1631
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerability...
Argo License Issue Vulnerability (CNVD-2020-27455)
Argo is an open source container native workflow engine. Argo suffers from an authorization problem vulnerability that stems from the use of immutable authentication tokens in the web interface authentication system. An attacker could exploit this vulnerability to gain unauthorized access to...
X (Formerly Twitter): Ability to bruteforce mopub account’s password due to lack of rate limitation protection using {ip rotation techniques}
Summary: I tried to guess on my account. I sent out nearly 1,000 requests, and I was virtually banned on request about 120. But when I changed my IP and tried logging in, I was logged into the account without any additional checks. Description: Your web authentication endpoint,...
WAGO PFC100 and PFC200 Information Disclosure Vulnerability
The WAGO PFC 200 and WAGO PFC 100 are both programmable logic controllers (PLCs) from WAGO Germany. A security vulnerability exists in the Web-Based Management authentication feature in the WAGO PFC200 versions 03.00.3912 and 03.01.0713 and the WAGO PFC100 version 03.00.3912. The vulnerability can ...
CVE-2019-5165
An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attack...
Authentication flaw
An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attack...
CVE-2019-5165
CVE-2019-5165 affects the Moxa AWK-3131A (firmware 1.13). Authentication bypass is caused by hostname processing that lets an attacker send authenticated SNMP requests to trigger a web-auth bypass, effectively treating remote traffic as local. Talos reports an 8.0 CVSSv3 (CR: C/H, PR: H, UI: N, S...
New Muhstik Botnet Attacks Target Tomato Routers
A new variant of the Muhstik botnet has appeared, this time with scanner technology that for the first time can brute-force web authentication to attack routers using Tomato open-source firmware, researchers have found. Researchers at Palo Alto Networks’ Unit 42 discovered the new variant...
CVE-2013-4859
INSTEON Hub 2242-222 lacks Web and API authentication...
CVE-2013-4859
The CVE-2013-4859 entry refers to INSTEON Hub 2242-222 that suffers a lack of Web and API authentication. The vulnerability targets the Hub’s web/API interfaces, enabling unauthorized access when the device is exposed to the Internet (e.g., via port forwarding). The base information indicates a h...
CVE-2018-20888
cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424)...
The vulnerability of the mydlink web interface of D-Link routers allows a hacker to obtain DNS query logs and user login logs.
The vulnerability in the “mydlink” web interface function of D-Link router firmware is related to deficiencies in the authentication process. Exploiting this vulnerability allows a remote attacker to obtain DNS query logs and user login logs by sending specially crafted...
CVE-2019-7642
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW A1-1.04, DIR-816L B1-2.06, DIR-81...
pfSense Access Restriction Bypass Vulnerability
pfSense is a set of network firewalls based on FreeBSD Linux. A security vulnerability exists in version 2.4.41 of pfSense, which stems from the program blocking the source IP address based on SSH authentication failures and HTTPS authentication failures that do not match. An attacker could explo...
SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2018:2890-1)
This update for MozillaFirefox to ESR 60.2 fixes several issues. These general changes are part of the version 60 release: new browser engine with speed improvements; redesigned graphical user interface elements; unified address and search bar for new installations; new tab page listing top visited,...