Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the TokenAuthenticator process. An attacker can determine valid usernames by measuring response time differences when submitting authentication requests with the X-AUTH-USER header. Remediation Upgrade kimai/kimai to...

CVE-2026-24111

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addAuthUser function and processed by sscanf without size validation, it could lead to buffer overflow...

CVE-2026-24111

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addAuthUser function and processed by sscanf without size validation, it could lead to buffer overflow...

EUVD-2025-25191

Malicious code in bioql PyPI...

CVE-2025-20244

A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow a remote attacker that is authenticated as a VPN user to cause the device to reload unexpectedly, resulting in ...

PT-2024-25139 · J2Eefast · J2Eefast

Name of the Vulnerable Software and Affected Versions: J2EEFAST version 2.7.0 Description: A SQL injection issue was found in J2EEFAST via the sql filter parameter in the authUserList function. Recommendations: For J2EEFAST version 2.7.0, consider restricting access to the authUserList function...

J2EEFAST 安全漏洞

J2eeFAST is a Java EE enterprise-class rapid development platform , is committed to building the best small and medium-sized open source free back-end framework platform . J2EEFAST v2.7.0 version exists SQL injection vulnerability , the vulnerability stems from the authUserList function in the...

PT-2023-30299 · Nats +1 · Nats Nats-Server +1

Name of the Vulnerable Software and Affected Versions: NATS nats-server versions 2.2.0 through 2.9.22 NATS nats-server versions 2.10.0 through 2.10.1 Description: The issue is related to an authentication bypass in NATS nats-server. An implicit $G user in an authorization block can sometimes be...

CVE-2022-30352

phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "authuser" parameter in index.php script...

NEC UNIVERGE UM4730 < 11.8 - SQL Injection

Exploit Title: NEC UNIVERGE UM4730 11.8 SQL injection Vulnerbility: SQL injection login bypass Date: 15-12-2016 Exploit Author: b0x41s Author web: https://www.xrayit.nl Vendor Homepage: https://www.nec-enterprise.com Category: webapps Version: 11.6.0.31 Tested on: Windows server 2008 Description:...

Cloudera HUE Session cookies stored in the database

User session cookies are stored in the database. Combined with the vulnerability related to configuration file which is world readable, it is possible to spoof a user across the entire cluster launching jobs and browsing the datalake, without having to crack password hashes. Cookies are stored in...

PYSEC-2015-4

Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an underscore character instead of a - dash character in an HTTP header, as demonstrated by an X-AuthUser header...

PT-2015-4526 · Django +1 · Django +1

Name of the Vulnerable Software and Affected Versions: Django versions 1.4.17 and earlier Django versions 1.6.x before 1.6.10 Django versions 1.7.x before 1.7.3 Description: The issue allows remote attackers to spoof WSGI headers by using an underscore character instead of a - dash character in a...

UBUNTU-CVE-2015-0219

Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an underscore character instead of a - dash character in an HTTP header, as demonstrated by an X-AuthUser header...