355 matches found
MAL-2022-3827 Malicious code in ing-lib-authenticate (npm)
Source: ghsa-malware 8c3ac7548488153407ae012be79d50d5f991924e33fbf536557d10c353be61af. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Inductive Automation Ignition Access Control Error Vulnerability
Inductive Automation Ignition is a suite of integrated software platforms for SCADA systems from Inductive Automation, Inc. The platform supports SCADA data acquisition and monitoring systems, HMI (Human Machine Interface), and more. Inductive Automation Ignition suffers from an Access Control Erro...
CVE-2022-2306 Insufficient Session Expiration in heroiclabs/nakama
Old session tokens can be used to authenticate to the application and send authenticated requests...
CVE-2022-31057
Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to an authenticated Stored XSS in Administration. Users are advised to upgrade. There are no known workarounds for this issue...
GHSA-66VJ-393F-HXFV OpenStack Swift Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...
CVE-2022-29167
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...
FreeTAKServer-UI SQL Injection Vulnerability
FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam team. FreeTAKServer-UI is vulnerable to SQL injection, which stems from the API endpoint /AuthenticateUser passing input into queries against the SQLite3 database; an attacker can exploit it to obtain the database All...
IBM Security Verify Access Unauthorized Access Vulnerability
IBM Security Verify Access (ISAM) is a service from IBM USA that improves user access security. IBM Security Verify Access versions 10.0.0.0, 10.0.1.0 and 10.0.2.0 have a security vulnerability that could be exploited by an attacker to authenticate as any user...
GHSA-R683-J2X4-V87G node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, and cookie2 when redirecting to an untrusted site...
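To make the node-fetch advisory concrete, here is an added example (not node-fetch's own code) of the header filter a redirect-following client needs: when the `Location` target is neither the original host nor a subdomain of it, the credential-bearing headers named in the advisory are dropped before the follow-up request. The helper name `isDomainOrSubdomain`, the header list as a `Set`, and the plain-object header representation are assumptions for the illustration.

```javascript
// Headers that carry credentials and must never follow a redirect to a foreign host.
const SENSITIVE_HEADERS = new Set(['authorization', 'www-authenticate', 'cookie', 'cookie2']);

// Hypothetical helper: true when the redirect target is the same host as the original
// request, or a subdomain of it. Relative Location values resolve against the origin URL.
function isDomainOrSubdomain(originUrl, locationValue) {
  const origin = new URL(originUrl).hostname;            // URL lower-cases hostnames
  const target = new URL(locationValue, originUrl).hostname;
  return target === origin || target.endsWith('.' + origin);
}

// Build the header set for the redirected request from the original request's headers.
// Header names are normalised to lower case; sensitive headers are stripped on a foreign redirect.
function headersForRedirect(originUrl, locationValue, headers) {
  const sameSite = isDomainOrSubdomain(originUrl, locationValue);
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (!sameSite && SENSITIVE_HEADERS.has(lower)) continue; // the fix: do not forward credentials
    out[lower] = value;
  }
  return out;
}
```

The suffix match uses a leading dot so that `notexample.com` is not treated as a subdomain of `example.com`; a client that also wants to guard against scheme downgrade (https to http) would add that test next to the host check.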
CVE-2021-43834
eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances wher...
Mozilla Firefox Security Advisory (MFSA2015-04) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
NewStart CGSL CORE 5.05 / MAIN 5.05 : ImageMagick Vulnerability (NS-SA-2021-0186)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ImageMagick packages installed that are affected by a vulnerability: - ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF...
Get free DMARC visibility with Valimail Authenticate and Microsoft Office 365
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Phishing and email spoofing not only erode brand trust but also leave recipients vulnerable to financial loss and serious invasions of privacy. These tactics have been around for...
ADCSPwn - A Tool To Escalate Privileges In An Active Directory Network By Coercing Authentication From Machine Accounts And Relaying To The Certificate Service
A tool to escalate privileges in an Active Directory network by coercing authentication from machine accounts (PetitPotam) and relaying it to the certificate service. Usage: run ADCSPwn on your target network. authentication will be relayed to. Optional arguments: port - The port ADCSPwn will listen on...
PT-2021-23591 · Unknown · Github.Com/Ecnepsnai/Web
Name of the Vulnerable Software and Affected Versions: github.com/ecnepsnai/web package versions prior to 1.5.2 Description: The issue arises when Web Sockets do not execute any AuthenticateMethod methods, potentially leading to a nil pointer dereference or authentication bypass. This problem...
python-httplib2: Regular expression denial of service via malicious header
An uncontrolled resource consumption flaw was found in python-httplib2, due to a flawed regular expression used while parsing the WWW-Authenticate header in an HTTP response. This flaw allows a malicious or compromised server to reply with a crafted sequence of characters in the WWW-Authenticate...