18 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2010-1454

Malware in sbrugna...

7.5 CVSS · 6.4 AI score · 0.00422 EPSS
Exploits 0 · References 8

Cvelist
added 2024/09/10 2:55 p.m. · 15 views

CVE-2024-42423

Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized...

6.1 CVSS · 0.00027 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/09/10 12:00 a.m. · 2 views

PT-2024-29938 · Dell +1 · Dell Thinos +1

Name of the Vulnerable Software and Affected Versions: Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 Description: The issue is related to an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potential...

7.1 CVSS · 6.3 AI score · 0.00027 EPSS
Exploits 0 · References 6

CNNVD
added 2024/09/10 12:00 a.m. · 2 views

Dell ThinOS security vulnerability

Dell ThinOS is a client operating system from Dell USA. A security vulnerability exists in Dell ThinOS that originates from a misauthorization when enabling Citrix CEB for WebLogin. A local, unauthenticated, low-privileged user could use this vulnerability to bypass existing controls and perform...

7.1 CVSS · 6.1 AI score · 0.00027 EPSS
Exploits 0 · References 2

CNVD
added 2018/05/15 12:00 a.m. · 1 view

D-Link DIR-629-B1 'weblogin_log' function buffer overflow vulnerability

The D-Link DIR-629-B1 is a router device from AUO D-Link. A security vulnerability exists in the 'weblogin_log' function in /htdocs/cgibin in the D-Link DIR-629-B1. An attacker can exploit this vulnerability by sending a session.cgi?ACTION=logout request with a long REMOTE_ADDR environment variable...

10 CVSS · 9.6 AI score · 0.00732 EPSS
Exploits 1 · References 1

Prion
added 2018/05/12 4:29 a.m. · 14 views

Buffer overflow

The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable...

10 CVSS · 9.5 AI score · 0.00732 EPSS
Exploits 1 · References 2

Cvelist
added 2018/05/12 4:00 a.m. · 14 views

CVE-2018-10996

The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable...

9.7 AI score · 0.00732 EPSS
Exploits 1 · References 2

Kitploit
added 2017/02/06 2:30 p.m. · 39 views

WMD (Weapon of Mass Destruction) - Python framework for IT security tools

This is a Python tool with a collection of IT security software. The software is encapsulated in "modules". The modules consist of pure Python code and/or external third-party programs. Main functions: 1) To use a module, run the command "use modulecall", e.g. "use apsniff", to activate the module. ...

8.2 AI score
Exploits 0 · References 1

myhack58
added 2013/09/09 12:00 a.m. · 11 views

New Android vulnerability exposed: hackers can use a key authentication to steal user passwords - vulnerability warning - the black bar safety net

Recently, hackers have found a large number of vulnerabilities in the Android system, including turning legitimate Android software into malicious software, the FBI being able to remotely monitor the Android phone microphone, and so on. Now, PCWorld has also exposed a new Android...

1.6 AI score
Exploits 0

Prion
added 2010/04/15 9:30 p.m. · 10 views

SQL injection

SQL injection vulnerability in MODx Evolution before 1.0.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors related to WebLogin...

7.5 CVSS · 9 AI score · 0.00422 EPSS
Exploits 0 · References 5 · Affected Software 1

NVD
added 2010/04/15 9:30 p.m. · 13 views

CVE-2010-1426

SQL injection vulnerability in MODx Evolution before 1.0.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors related to WebLogin...

7.5 CVSS · 8.3 AI score · 0.00422 EPSS
Exploits 0 · References 5

Cvelist
added 2010/04/15 9:12 p.m. · 16 views

CVE-2010-1426

SQL injection vulnerability in MODx Evolution before 1.0.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors related to WebLogin...

8.2 AI score · 0.00422 EPSS
Exploits 0 · References 5

CVE
added 2010/04/15 9:12 p.m. · 42 views

CVE-2010-1426

MODx Evolution prior to 1.0.3 contains an SQL injection vulnerability related to WebLogin that could allow a remote attacker to view or modify information by executing arbitrary SQL commands. The issue is documented across multiple sources (NVD, JVN/JVM entries, and Nessus plugin 5522) with the s...

7.5 CVSS · 8.6 AI score · 0.00422 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2009/09/15 10:30 p.m. · 2 views

DEBIAN-CVE-2009-2945

weblogin/login.fcgi aka the WebLogin login script in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading 1 web-serve...

4.3 CVSS · 6.6 AI score · 0.00229 EPSS
Exploits 0 · References 1

UbuntuCve
added 2009/09/15 10:30 p.m. · 17 views

CVE-2009-2945

weblogin/login.fcgi aka the WebLogin login script in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading 1 web-serve...

4.3 CVSS · 5.9 AI score · 0.00229 EPSS
Exploits 0 · References 1

Prion
added 2009/09/15 10:30 p.m. · 11 views

Cross site request forgery (CSRF)

weblogin/login.fcgi aka the WebLogin login script in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading 1 web-serve...

4.3 CVSS · 6.9 AI score · 0.00229 EPSS
Exploits 0 · References 2 · Affected Software 1

Debian CVE
added 2009/09/15 10:00 p.m. · 18 views

CVE-2009-2945

weblogin/login.fcgi aka the WebLogin login script in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading 1 web-serve...

4.3 CVSS · 4.5 AI score · 0.00229 EPSS
Exploits 0

Debian
added 2009/09/10 11:54 p.m. · 12 views

[Backports-security-announce] Security update for webauth

Russ Allbery uploaded new packages for webauth which fixed the following security problem: CVE-2009-2945 WebAuth 3.5.5 introduced a new method to probe for browser cookie support in the WebLogin script. Under rare circumstances, a browser may present the test cookie when loading the login form bu...

4.3 CVSS · 5.6 AI score · 0.00229 EPSS
Exploits 0