6599 matches found

CNNVD
added 2024/09/30 12:00 a.m., 4 views

basic-auth-connect security vulnerability

basic-auth-connect is an open source basic authentication middleware from expressjs for Node.js and Connect. A security vulnerability exists in basic-auth-connect versions prior to 1.1.0, which stems from the use of timing-insecure equality comparisons that can leak timing information...

CVSS 8.7, AI score 7.9, EPSS 0.00504
Exploits 1, References 4
Packet Storm
added 2024/09/26 12:00 a.m., 288 views

Responsive Binary mlm 3.2.0 SQL Injection

Title: Responsive Binary mlm 3.2.0 Auth By PAss Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.0 64 bits...

AI score 7.4
Exploits 0
Cvelist
added 2024/09/25 11:16 a.m., 28 views

CVE-2024-6593 WatchGuard Firebox Single Sign-On Agent Management Interface Authentication Bypass

Incorrect Authorization vulnerability in WatchGuard Authentication Gateway aka Single Sign-On Agent on Windows allows an attacker with network access to execute restricted management commands. This issue affects Authentication Gateway: through 12.10.2...

CVSS 9.1, EPSS 0.00529
Exploits 0, References 1
Github Security Blog
added 2024/09/23 10:10 p.m., 12 views

Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)

A stored cross-site scripting vulnerability has been found in the image upload functionality that can be used by normal registered users: it is possible to upload an SVG image containing JavaScript, and it is also possible to upload an HTML document when the format parameter is manually changed to documents1 or a...

AI score 6.3
Exploits 0, References 3, Affected Software 1
vulnersOsv
added 2024/09/20 7:15 p.m., 4 views

janis-pipelines (>=0.4.0 <=0.13.1), janis-pipelines-bioinformatics (>=0.0.1 <=0.12.2) +5 more potentially affected by CVE-2024-42346 via galaxy-auth (=22.1.1)

galaxy-auth PYPI version =22.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on galaxy-auth and may be impacted: - janis-pipelines =0.4.0, =0.0.1, =0.13.0, =0.6.0, =0.1.0, =0.8.0, =0.1.0, =0.12.0 Source cves: CVE-2024-42346 Source advisory:...

CVSS 7.6, AI score 5.4, EPSS 0.00709
Exploits 0
Packet Storm
added 2024/09/19 12:00 a.m., 313 views

Online Food Management System 1.0 SQL Injection

Title: Online Food Management System 1.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.0 6...

AI score 7.4
Exploits 0
OSV
added 2024/09/15 10:21 p.m., 19 views

RHSA-2015:0839 Red Hat Security Advisory: python-django-horizon and python-django-openstack-auth update

Bulletin has no description...

CVSS 5, AI score 6.1, EPSS 0.02841
Exploits 0, References 12
OSV
added 2024/09/15 10:21 p.m., 18 views

RHSA-2015:0845 Red Hat Security Advisory: python-django-horizon and python-django-openstack-auth update

Bulletin has no description...

CVSS 5, AI score 6.1, EPSS 0.02841
Exploits 0, References 9
OSV
added 2024/09/13 6:31 p.m., 11 views

GHSA-6P2Q-8QFQ-WQ7X Withdrawn Advisory: Lunary improper access control vulnerability

Withdrawn Advisory: This advisory has been withdrawn because the lunary npm package is connected to https://github.com/lunary-ai/lunary-js, not the https://github.com/lunary-ai/lunary repo that is discussed in this advisory. The underlying vulnerability report is still valid, but it doesn't affect...

CVSS 7.1, AI score 6.5, EPSS 0.0044
Exploits 1, References 4
Vulnrichment
added 2024/09/13 4:12 p.m., 13 views

CVE-2024-6087 Improper Access Control in lunary-ai/lunary

An improper access control vulnerability exists in lunary-ai/lunary at the latest commit a761d83 on the main branch. The vulnerability allows an attacker to use the auth tokens issued by the 'invite user' functionality to obtain valid JWT tokens. These tokens can be used to compromise target user...

CVSS 6.5, AI score 7.1, EPSS 0.0044
Exploits 1, References 2
Cvelist
added 2024/09/13 4:12 p.m., 40 views

CVE-2024-6087 Improper Access Control in lunary-ai/lunary

An improper access control vulnerability exists in lunary-ai/lunary at the latest commit a761d83 on the main branch. The vulnerability allows an attacker to use the auth tokens issued by the 'invite user' functionality to obtain valid JWT tokens. These tokens can be used to compromise target user...

CVSS 6.5, EPSS 0.0044
Exploits 1, References 2
Packet Storm
added 2024/09/10 12:00 a.m., 220 views

Online Student Grading System 1.0 SQL Injection

Title: Online Student Grading System 1.0 Auth by pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...

AI score 7.4
Exploits 0
Packet Storm
added 2024/09/09 12:00 a.m., 210 views

Park Ticketing Project 1.0 SQL Injection

Title: Park Ticketing Project 1.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3...

AI score 7.4
Exploits 0
RedHat Linux
added 2024/09/05 2:13 p.m., 51 views

Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 9.8, AI score 6.7, EPSS 0.28637
Exploits 2, References 13
Veracode
added 2024/09/05 6:13 a.m., 9 views

Sensitive Data Exposure

Flask-AppBuilder is vulnerable to Sensitive Data Exposure. The vulnerability is due to insecure cache directives for the auth DB login form, which allows browsers to locally store sensitive data...

CVSS 5.5, AI score 5.3, EPSS 0.00262
Exploits 0, References 3, Affected Software 1
GitLab Advisory Database
added 2024/09/04 12:00 a.m., 12 views

Flask-AppBuilder's login form allows browser to cache sensitive fields

The Auth DB login form's default cache directives allow the browser to locally store sensitive data. This can be an issue in environments using shared computer resources...

CVSS 5.5, AI score 6.6, EPSS 0.00262
Exploits 0, References 5, Affected Software 1
RedHat Linux
added 2024/09/03 9:11 a.m., 6 views

golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...

CVSS 5.9, AI score 7.3, EPSS 0.00667
Exploits 0, References 11
Packet Storm
added 2024/09/01 12:00 a.m., 739 views

JBoss Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JBoss Vulnerability Scanner', 'Description' = %q This module scans a JBoss instance for a few vulnerabilities. , 'Author' = 'Tyler Krpata', 'Zach...

CVSS 9.8, AI score 7.2, EPSS 0.90713
Exploits 47
Packet Storm
added 2024/09/01 12:00 a.m., 191 views

Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal", 'Description' = %q This module exploits a directory...

CVSS 6.5, AI score 7, EPSS 0.36617
Exploits 5
Packet Storm
added 2024/08/31 12:00 a.m., 171 views

Netgear R7000 Backup.cgi Heap Overflow Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear R7000 backup.cgi Heap Overflow RCE', 'Description' = %q This module exploits a heap buffer overflow in the genie.cgi?backup.cgi page of...

CVSS 8.8, AI score 7, EPSS 0.14177
Exploits 4