6603 matches found
CVE-2023-51049
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Abbsauth parameter at /admin/ajax.php...
GHSA-PQJ5-37XF-X5GC blinksocks has weak encryption algorithms
An issue was discovered in blinksocks version 3.3.8 that allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js...
blinksocks has weak encryption algorithms
An issue was discovered in blinksocks version 3.3.8 that allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js...
CVE-2023-50481
An issue was discovered in blinksocks version 3.3.8 that allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js...
blinksocks security breach
blinksocks is an open source framework for building composable proxy stacks. A security vulnerability exists in blinksocks version 3.3.8 that allows remote attackers to gain access to sensitive information via a weak encryption algorithm in...
CVE-2023-50481
CVE-2023-50481 affects blinksocks 3.3.8. The vulnerability is in the component /presets/ssr-auth-chain.js, due to the use of weak encryption algorithms (and fixed IVs) that can disclose sensitive information. Impact is described as sensitive information disclosure; no exploit details are provided...
PT-2023-31620 · Unknown · Yii2-Authclient
Name of the Vulnerable Software and Affected Versions: yii2-authclient versions prior to 2.2.15 Description: The Oauth2 PKCE implementation in yii2-authclient is vulnerable in two ways. First, the authCodeVerifier should be removed after usage, similar to authState. Second, there is a risk for a...
Exploit for Code Injection in Apache Ofbiz
CVE-2023-49070 Pre-auth RCE in Apache Ofbiz!!...
Denial Of Service (DoS)
ckan is vulnerable to Denial of Service (DoS). The vulnerability exists because it does not properly validate the auth cookie in init.py, which allows an attacker to trigger an out-of-memory error on the hosting server...
Cleartext Storage Of Sensitive Information
oic-auth is vulnerable to Cleartext Storage of Sensitive Information. The vulnerability is due to the password of a local user account being stored in plain text. This password is used as an anti-lockout feature. An attacker with access to the Jenkins controller file system can recover this password and like...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2023-3445)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for Code Injection in Apache Ofbiz
ofbiz-CVE-2023-49070-RCE-POC This is a pre-auth RCE POC For C...
GHSA-26HR-Q2WP-RVC5 User with permission to write actions can impersonate another user when auth token is configured in environment variable
Impact When lakeFS is configured with ALL of the following: - Configuration option auth.encrypt.secretkey passed through environment variable - Actions enabled via configuration option actions.enabled default enabled then a user who can configure an action can impersonate any other user. Patches...
PT-2023-29939 · Extreme Networks · Iq Engine
Name of the Vulnerable Software and Affected Versions: Extreme Networks IQ Engine versions prior to 10.6r1a Extreme Networks IQ Engine versions 10.6r1a through 10.6r4 before 10.6r5 Description: The issue is related to a Buffer Overflow vulnerability in the implementation of the ah auth service,...
PT-2023-31363 · Unknown · Uptime Kuma
Name of the Vulnerable Software and Affected Versions: Uptime Kuma versions prior to 1.23.9 Description: Uptime Kuma is a self-hosted monitoring tool that uses WebSocket with Socket.io. Prior to version 1.23.9, the application does not verify the source of communication, allowing third-party...
CVE-2023-49070 Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present
Pre-auth RCE in Apache OFBiz 18.12.09. It is due to the no-longer-maintained XML-RPC component still being present. This issue affects Apache OFBiz before 18.12.10. Users are recommended to upgrade to version 18.12.10...
CVE-2023-49070
CVE-2023-49070 is a pre-auth RCE in Apache OFBiz up to version 18.12.09, caused by an unused XML-RPC component that remains present. Affected product: Apache OFBiz before 18.12.10 (and related CVE-2023-51467 authentication-bypass vector). The severity is high (CVSS v3.1 base score 9.8) with netwo...
Malicious code in ng-iw-auth-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0b2c0e798068a786168885e29f151a6f4e1b231ce79af7c664d83c5774ed1ce6 The OpenSSF Package Analysis project identified 'ng-iw-auth-tools' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Amazon Linux 2 : dovecot (ALAS-2023-2365)
The version of dovecot installed on the remote host is prior to 2.2.36-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2365 advisory. An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist wi...