Business Website CMS 1.9 SQL Injection
Title: Business Website CMS v1.9 Auth Bypass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
Brigadasoft CMS 2.1 SQL Injection
Title: Brigadasoft CMS v2.1 Auth Bypass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit ...
Bayfront CMS 1.0 SQL Injection
Title: Bayfront-CMS v1.0 Auth Bypass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 108.0 32-bit | ...
GHSA-P756-66W2-35G7 Jenkins Assembla Auth Plugin vulnerable to cross-site request forgery
Jenkins Assembla Auth Plugin 1.14 and earlier does not implement a state parameter in its OAuth flow, a unique and non-guessable value associated with each authentication request. This vulnerability allows attackers to trick users into logging in to the attacker’s account...
Jenkins Assembla Auth Plugin vulnerable to cross-site request forgery
Jenkins Assembla Auth Plugin 1.14 and earlier does not implement a state parameter in its OAuth flow, a unique and non-guessable value associated with each authentication request. This vulnerability allows attackers to trick users into logging in to the attacker’s account...
CVE-2023-37961
A cross-site request forgery CSRF vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-37961
CVE-2023-37961 describes a CSRF flaw in Jenkins Assembla Auth Plugin
GHSA-47R2-PHR8-M8CP Apache Pulsar Broker Improper Authentication vulnerability
Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a...
io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker-auth-athenz (=2.11.0) +3 more potentially affected by CVE-2023-31007 via org.apache.pulsar:pulsar-broker (=2.11.0)
org.apache.pulsar:pulsar-broker MAVEN version =2.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-broker and may be impacted: - io.github.embedded-middleware:embedded-pulsar-core =0.0.4, =0.0.5 -...
io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker-auth-athenz (=2.11.0) +3 more potentially affected by CVE-2023-30428 via org.apache.pulsar:pulsar-broker (=2.11.0)
org.apache.pulsar:pulsar-broker MAVEN version =2.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-broker and may be impacted: - io.github.embedded-middleware:embedded-pulsar-core =0.0.4, =0.0.5 -...
Popup-Maker < 1.8.12 - Broken Authentication
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the doaction function to invoke certain popmake or pum methods, as demonstrated by controlling content and delivery of popmake-system-info.txt aka the...
kube-apiserver: PrivEsc
An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been granted the "update" and "patch" permissions on the "pods/ephemeralcontainers" subresource, beyond what the default is, to act outside those limits. They would then need to create a new pod or patch...
@glarus-labs/vendure-social-auth (>=0.0.1 <=0.1.1), @mirahi/vendure-adyen-dropin-plugin (>=0.0.1 <=0.0.5) +1 more potentially affected by unknown CVE via @vendure/core (>=0.11.1 <=1.9.6)
@vendure/core NPM version =0.11.1, =0.0.1, =0.0.1, =0.0.5 - @zifahm/vendure-social-auth =0.1.2 Source cves: unknown CVE Source advisory: OSV:GHSA-H9WQ-XCQX-MQXM...
CANDOO Strategic CMS 2.0 SQL Injection
Title: CANDOO Strategic CMS V2.0 Auth Bypass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
CVE-2023-29095
The CVE-2023-29095 entry concerns the RSVPMaker WordPress plugin by David F. Carr. Affected versions are prior to 10.5.5 and the vulnerability is an SQL Injection in the RSVPMaker plugin that can be exploited with Administrator+ privileges. The issue is addressed in version 10.5.5 and later, whic...
Barberry Security Advisory - regarding x/auth periodic vesting accounts
Impact In PeriodicVestingAccount, defined in x/auth, an attacker can initialize a victim's account as a malicious vesting account, which allows deposits but does not allow withdrawals. When the user then deposits funds into their account, those funds are locked forever, and the user is not able t...