12 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2007-2160

Malware in sbrugna...

CVSS 5.1 | AI score 6.1 | EPSS 0.03779
Exploits: 0 | References: 14

OSV
added 2024/03/12 8:50 p.m. | 23 views

GHSA-FR3W-2P22-6W7P URL Redirection to Untrusted Site in OAuth2/OpenID in directus

Summary: The authentication API has a redirect parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL https://docs.directus.io/reference/authentication.html#login-using-sso-providers /auth/login/google?redirect for example. Details: There's a...

CVSS 5.4 | AI score 5 | EPSS 0.0023
Exploits: 1 | References: 5

NVD
added 2023/05/04 9:15 p.m. | 12 views

CVE-2023-21494

Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access...

CVSS 9.8 | AI score 6.7 | EPSS 0.00754
Exploits: 0 | References: 1

CVE
added 2023/05/04 12:0 a.m. | 34 views

CVE-2023-21494

The CVE-2023-21494 issue affects Samsung Shannon baseband, specifically the auth API in mm_Authentication.c. It describes a potential buffer overflow that could allow remote attackers to cause invalid memory access. The vulnerability is rooted in the Shannon baseband code prior to SMR May-2023 Re...

CVSS 9.8 | AI score 9.5 | EPSS 0.00754
Exploits: 0 | References: 1 | Affected Software: 1

Veracode
added 2022/11/28 6:39 a.m. | 21 views

SQL Injection

org.opendaylight.aaa:aaa-idm-store-h2 is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the deleteRole function in RoleStore.java allows a malicious user to inject and execute arbitrary SQL queries on the target system, when the API interface /auth/v1/roles/ ...

CVSS 7.5 | AI score 8.2 | EPSS 0.0019
Exploits: 1 | References: 3 | Affected Software: 1

vulnersOsv
added 2022/05/24 7:19 p.m. | 2 views

cc.vihackerframework:vihacker-cloud-starter (>=1.0.4.R <=1.0.6.R), cc.vihackerframework:vihacker-feign-starter (>=1.0.4.R <=1.0.6.R) +330 more potentially affected by CVE-2021-22044 via org.springframework.cloud:spring-cloud-openfeign-core (>=3.0.0 <=3.0.4)

org.springframework.cloud:spring-cloud-openfeign-core MAVEN version =3.0.0, =1.0.4.R, =1.0.4.R, =1.2.12, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.1.0 and more Source cves: CVE-2021-22044 Source advisory: OSV:GHSA-PF94-6V2V-CM3J...

CVSS 7.5 | AI score 7.1 | EPSS 0.00328
Exploits: 0

Prion
added 2020/11/16 4:15 p.m. | 8 views

Sql injection

LDMS/alertlog.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request...

CVSS 6.5 | AI score 9 | EPSS 0.0584
Exploits: 1 | References: 2 | Affected Software: 1

Tenable Nessus
added 2007/11/06 12:0 a.m. | 18 views

Fedora 7 : proftpd-1.3.1-2.fc7 (2007-2613)

The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as...

CVSS 5.1 | AI score 5.5 | EPSS 0.03779
Exploits: 0 | References: 3

UbuntuCve
added 2007/04/22 7:19 p.m. | 14 views

CVE-2007-2165

The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as...

CVSS 5.1 | AI score 6 | EPSS 0.03779
Exploits: 0 | References: 2

NVD
added 2007/04/22 7:19 p.m. | 8 views

CVE-2007-2165

The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as...

CVSS 5.1 | AI score 6.7 | EPSS 0.03779
Exploits: 0 | References: 13

Cvelist
added 2007/04/22 7:0 p.m. | 13 views

CVE-2007-2165

The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as...

AI score 6.6 | EPSS 0.03779
Exploits: 0 | References: 13

CVE
added 2007/04/22 7:0 p.m. | 70 views

CVE-2007-2165

CVE-2007-2165 affects ProFTPD prior to 20070417. When multiple authentication modules are configured, the authentication-check module need not be the same as the module that retrieves authentication data, potentially allowing remote attackers to bypass authentication (e.g., using SQLAuthTypes Pla...

CVSS 5.1 | AI score 6.5 | EPSS 0.03779
Exploits: 0 | References: 13 | Affected Software: 1