[SECURITY] [DLA 952-1] kde4libs security update
Package: kde4libs; Version: 4:4.8.4-4+deb7u3; CVE ID: CVE-2013-2074 CVE-2017-6410 CVE-2017-8422; Debian Bug: 856890. Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following...
Multiple Brother device authentication bypass vulnerabilities
Brother MFC-J6973CDW and others are printer products from Brother Industries Japan. A security vulnerability exists in multiple Brother devices. An attacker could exploit the vulnerability to bypass Web authentication...
DLA-560-2 cacti - regression update
Bulletin has no description...
A vulnerability in the Juniper SRX 240 router firmware allows an attacker to execute arbitrary code.
The Juniper SRX 240 router software contains a vulnerability in the SRX Web Authentication service. This vulnerability allows an attacker to execute arbitrary code because input parameters are not validated on the page where user authentication takes place...
A vulnerability in Cisco PIX software allows an attacker to cause a denial of service.
A buffer overflow in the Cisco PIX Firewall allows remote attackers to cause a denial of service by using authentication for HTTP traffic via TACACS+ or RADIUS...
A vulnerability in the Cisco Wireless LAN Controller 2500 software allows an attacker to cause a denial of service.
A vulnerability exists in Cisco Wireless LAN Controller (WLC) devices due to improper memory release. This allows remote attackers to cause a denial of service by sending frequent WebAuth authorization requests...
A vulnerability in the Cisco Wireless LAN Controller 4400 software allows an attacker to cause a denial of service.
A vulnerability exists in Cisco Wireless LAN Controller (WLC) devices due to improper memory release. This allows remote attackers to cause a denial of service by sending frequent WebAuth authorization requests...
A vulnerability in the Cisco Wireless LAN Controller 5500 software allows an attacker to cause a denial of service.
A vulnerability exists in Cisco Wireless LAN Controller (WLC) devices due to improper memory release. This allows remote attackers to cause a denial of service by sending frequent WebAuth authorization requests...
CVE-2016-2313
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database...
DEBIAN-CVE-2016-2313
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database...
HackerOne: Web Authentication Endpoint Credentials Brute-Force Vulnerability
Dear, Your web authentication endpoint, https://hackerone.com/sessions POST, currently protects against credentials brute-force attacks only by requests rate-limiting based on IP. It was found that if an attacker sends login requests faster than every 4 seconds from the same IP address, it would...
X (Formerly Twitter): Incorrect param parsing in Digits web authentication
Hi, I would like to report an issue on Digits web authentication which allows attackers to retrieve the OAuth credential data of an application victims authorized. Detail Digits web authentication has strict validation on host and callbackurl. On the server side, the values are compared with the...
cacti -- multiple vulnerabilities
The Cacti Group, Inc. reports: Changelog: bug:0002652: CVE-2015-8604: SQL injection in graphs_new.php; bug:0002655: CVE-2015-8377: SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php; bug:0002656: Authentication using web authentication as a user not in the cacti database...
Updated cacti packages fix CVE-2016-2313
Updated cacti package fixes security vulnerability: Authentication using web authentication as a user not in the cacti database allows complete access (CVE-2016-2313)...
openSUSE Security Update : cacti (openSUSE-2016-198)
cacti was updated to fix the following vulnerabilities: - CVE-2015-8369: SQL injection in graph.php (boo#958863) - CVE-2015-8604: SQL injection in graphs_new.php (boo#960678) - CVE-2015-8377: SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php (boo#958977) - CVE-2016-2313:...
X (Formerly Twitter): Bypassing Digits web authentication's host validation with HPP
Hi, I would like to report an issue on Digits web authentication which allows attackers to retrieve the OAuth credential data of an application victims authorized. Detail As described in 108429, the login page has 2 parameters, consumerkey and host. The former identifies which app a user wants to...
Clorius Controls A/S ISC SCADA Insecure Java Client Web Authentication
OVERVIEW Independent researcher Aditya Sood has identified an insecure Java client web authentication vulnerability in the Clorius Controls A/S ISC SCADA server. Clorius Controls A/S has produced an update that mitigates this vulnerability. Aditya Sood has tested the update to validate that it...
Cisco Wireless LAN Controller Wireless Web Authentication Denial of Service Vulnerability
Cisco Wireless LAN Controller contains a vulnerability that could allow an unauthenticated, adjacent attacker to cause a denial of service condition. Updates are available.
Code injection
The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269...