
472 matches found

Debian
added 2017/05/25 4:25 p.m., 38 views

[SECURITY] [DLA 952-1] kde4libs security update

Package: kde4libs
Version: 4:4.8.4-4+deb7u3
CVE ID: CVE-2013-2074 CVE-2017-6410 CVE-2017-8422
Debian Bug: 856890

Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following...

CVSS 7.8, AI score 7.6, EPSS 0.0198
Exploits: 3

CNVD
added 2017/04/18 12:0 a.m., 3 views

Multiple Brother device authentication bypass vulnerabilities

Brother MFC-J6973CDW and others are printer products from Brother Industries Japan. A security vulnerability exists in multiple Brother devices. An attacker could exploit the vulnerability to bypass Web authentication...

CVSS 10, AI score 6.9, EPSS 0.33584
Exploits: 4, References: 1

OSV
added 2016/08/31 12:0 a.m., 29 views

DLA-560-2 cacti - regression update

Bulletin has no description...

AI score 8.8
Exploits: 0

BDU FSTEC
added 2016/07/07 12:0 a.m., 7 views

The vulnerability of Juniper SRX 240 router microprogramming software allows a hacker to execute arbitrary code.

The Juniper SRX 240 router software contains a vulnerability in the SRX Web Authentication service. This vulnerability allows an attacker to execute arbitrary code due to the lack of control over input parameters on the page where user authentication takes place...

CVSS 4.3, AI score 6, EPSS 0.01192
Exploits: 1, References: 4, Affected Software: 1

BDU FSTEC
added 2016/07/06 12:0 a.m., 5 views

The vulnerability of Cisco PIX software allows a malicious individual to trigger a service failure.

Overloading the buffer in the Cisco PIX Firewall allows malicious actors operating remotely to trigger service failures by using authentication for HTTP traffic via TACACS+ or RADIUS...

CVSS 5, AI score 5.7, EPSS 0.01995
Exploits: 0, References: 2

BDU FSTEC
added 2016/07/06 12:0 a.m., 4 views

The vulnerability of the Cisco Wireless LAN Controller 2500 software allows a malicious individual to cause service failure.

Vulnerability exists in Cisco Wireless LAN Controller WLC devices due to improper memory release. This allows malicious actors operating remotely to trigger a service failure by sending frequent WebAuth authorization requests...

CVSS 7.8, AI score 5.5, EPSS 0.01328
Exploits: 1, References: 4, Affected Software: 1

BDU FSTEC
added 2016/07/06 12:0 a.m., 4 views

The vulnerability of the Cisco Wireless LAN Controller 4400 software allows a malicious individual to cause service failure.

Vulnerability exists in Cisco Wireless LAN Controller WLC devices due to improper memory release. This allows malicious actors operating remotely to trigger a service failure by sending frequent WebAuth authorization requests...

CVSS 7.8, AI score 5.5, EPSS 0.01328
Exploits: 1, References: 4, Affected Software: 1

BDU FSTEC
added 2016/07/06 12:0 a.m., 6 views

The vulnerability of the Cisco Wireless LAN Controller 5500 software allows a malicious individual to cause service failure.

Vulnerability exists in Cisco Wireless LAN Controller WLC devices due to improper memory release. This allows malicious actors operating remotely to trigger a service failure by sending frequent WebAuth authorization requests...

CVSS 7.8, AI score 5.5, EPSS 0.01328
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2016/04/13 5:59 p.m., 26 views

CVE-2016-2313

authlogin.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database...

CVSS 8.8, AI score 8.4, EPSS 0.02686
Exploits: 0, References: 8

OSV
added 2016/04/13 5:59 p.m., 1 views

DEBIAN-CVE-2016-2313

authlogin.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database...

CVSS 8.8, AI score 8, EPSS 0.02686
Exploits: 0, References: 1

Debian CVE
added 2016/04/13 5:0 p.m., 26 views

CVE-2016-2313

authlogin.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database...

CVSS 8.8, AI score 8, EPSS 0.02686
Exploits: 0

Hacker One
added 2016/04/02 6:9 p.m., 57 views

HackerOne: Web Authentication Endpoint Credentials Brute-Force Vulnerability

Dear, Your web authentication endpoint, https://hackerone.com/sessions POST, currently protects against credentials brute-force attacks only by requests rate-limiting based on IP. It was found that if an attacker sends login requests faster than every 4 seconds from the same IP address, it would...

AI score 7.1
Exploits: 0

Hacker One
added 2016/03/28 4:57 p.m., 15 views

X (Formerly Twitter): Incorrect param parsing in Digits web authentication

Hi, I would like to report an issue on Digits web authentication which allows attackers to retrieve the OAuth credential data of an application victims authorized. Detail Digits web authentication has strict validation on host and callbackurl. On the server side, the values are compared with the...

AI score 7.1
Exploits: 0

FreeBSD
added 2016/02/21 12:0 a.m., 27 views

cacti -- multiple vulnerabilities

The Cacti Group, Inc. reports: Changelog bug:0002652: CVE-2015-8604: SQL injection in graphsnew.php bug:0002655: CVE-2015-8377: SQL injection vulnerability in the hostnewgraphssave function in graphsnew.php bug:0002656: Authentication using web authentication as a user not in the cacti database...

CVSS 8.8, AI score 9.4, EPSS 0.02686
Exploits: 3, References: 5

Mageia
added 2016/02/17 7:6 p.m., 37 views

Updated cacti packages fix CVE-2016-2313

Updated cacti package fixes security vulnerability: Authentication using web authentication as a user not in the cacti database allows complete access CVE-2016-2313...

CVSS 8.8, AI score 3.7, EPSS 0.02686
Exploits: 0, References: 2

Tenable Nessus
added 2016/02/15 12:0 a.m., 29 views

openSUSE Security Update : cacti (openSUSE-2016-198)

cacti was updated to fix the following vulnerabilities : - CVE-2015-8369: SQL injection in graph.php boo958863 - CVE-2015-8604: SQL injection in graphsnew.php boo960678 - CVE-2015-8377: SQL injection vulnerability in the hostnewgraphssave function in graphsnew.php boo958977 - CVE-2016-2313:...

CVSS 8.8, AI score 7.9, EPSS 0.02686
Exploits: 7, References: 8

Hacker One
added 2016/02/02 4:44 p.m., 30 views

X (Formerly Twitter): Bypassing Digits web authentication's host validation with HPP

Hi, I would like to report an issue on Digits web authentication which allows attackers to retrieve the OAuth credential data of an application victims authorized. Detail As described in 108429, the login page has 2 parameters, consumerkey and host. The former identifies which app a user wants to...

AI score 7
Exploits: 0

ICS
added 2015/10/16 6:0 a.m., 53 views

Clorius Controls A/S ISC SCADA Insecure Java Client Web Authentication

OVERVIEW Independent researcher Aditya Sood has identified an insecure Java client web authentication vulnerability in the Clorius Controls A/S ISC SCADA server. Clorius Controls A/S has produced an update that mitigates this vulnerability. Aditya Sood has tested the update to validate that it...

CVSS 10, AI score 6.5, EPSS 0.02595
Exploits: 0, References: 10

OpenVAS
added 2015/09/23 12:0 a.m., 24 views

Cisco Wireless LAN Controller Wireless Web Authentication Denial of Service Vulnerability

Cisco Wireless LAN Controller contains a vulnerability that could allow an unauthenticated, adjacent attacker to cause a denial of service condition. Updates are available. Copyright (C) 2015 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are...

CVSS 6.1, AI score 6.6, EPSS 0.00821
Exploits: 0, References: 1

Prion
added 2015/05/16 2:59 p.m., 18 views

Code injection

The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269...

CVSS 6.1, AI score 7.2, EPSS 0.00821
Exploits: 0, References: 2, Affected Software: 1