IBM Security Verify Access Unauthorized Access Vulnerability

IBM Security Verify Access ISAM is a service from IBM USA that improves user access security. IBM Security Verify Access versions 10.0.0.0, 10.0.1.0 and 10.0.2.0 have a security vulnerability that could be exploited by an attacker to authenticate as any user on the system authenticate as any user...

GHSA-R683-J2X4-V87G node-fetch forwards secure headers to untrusted sites

node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to a untrusted site...

CVE-2021-43834

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances wher...

Mozilla Firefox Security Advisory (MFSA2015-04) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

NewStart CGSL CORE 5.05 / MAIN 5.05 : ImageMagick Vulnerability (NS-SA-2021-0186)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ImageMagick packages installed that are affected by a vulnerability: - ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF...

Get free DMARC visibility with Valimail Authenticate and Microsoft Office 365

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Phishing and email spoofing not only erode brand trust but also leave recipients vulnerable to financial loss and serious invasions of privacy. These tactics have been around for...

Get free DMARC visibility with Valimail Authenticate and Microsoft Office 365

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Phishing and email spoofing not only erode brand trust but also leave recipients vulnerable to financial loss and serious invasions of privacy. These tactics have been around for...

ADCSPwn - A Tool To Escalate Privileges In An Active Directory Network By Coercing Authenticate From Machine Accounts And Relaying To The Certificate Service

A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts Petitpotam and relaying to the certificate service. Usage Run ADCSPwn on your target network. authentication will be relayed to. Optional arguments: port - The port ADCSPwn will listen on...

The vulnerability of the “authenticate” function in the console-based image editing tool ImageMagick is related to errors in processing XML requests. This vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the “authenticate” function in the console-based image editing tool ImageMagick is related to incorrect password filtering. Exploiting this vulnerability allows a malicious actor to gain access to confidential data, compromise its integrity, and cause service failures...

PT-2021-23591 · Unknown · Github.Com/Ecnepsnai/Web

Name of the Vulnerable Software and Affected Versions: github.com/ecnepsnai/web package versions prior to 1.5.2 Description: The issue arises when Web Sockets do not execute any AuthenticateMethod methods, potentially leading to a nil pointer dereference or authentication bypass. This problem...

python-httplib2: Regular expression denial of service via malicious header

An uncontrolled resource consumption flaw as found in python-httplib2, due to a flawed regular expression used while parsing the WWW-Authenticate header in an HTTP response. This flaw allows a malicious or compromised server to reply with a crafted sequence of characters in the WWW-Authenticate...

Exploit for CVE-2020-1472

CVE-2020-1472 is a vulnerability in the Windows Netlogon service that allows an attacker to authenticate as the computer account password. The vulnerability is a buffer overflow in the Netlogon service, which can be exploited by sending a specially crafted request to the service. The exploit code...

The vulnerability of the authenticate function in the services/httpd/handler.go component of the database, related to the deficiencies in the authentication process, allows attackers to access sensitive data, compromise its integrity, and cause service failures.

The vulnerability in the authenticate function of the services/httpd/handler.go component of the database backend, InfluxDB, stems from the lack of a check to ensure that a value is present in the parameter. Exploiting this vulnerability allows an attacker who operates remotely to access...

Design/Logic Flaw

A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and...

Microsoft Exchange Server 代码问题漏洞

Exchange is a messaging and collaboration system that is a suite of e-mail service components from Microsoft. Microsoft Exchange Server request forgery vulnerability can be exploited by an attacker to be able to send arbitrary HTTP requests and authenticate with Exchange Server...

Amazon Linux 2 : ImageMagick (ALAS-2021-1596)

The version of ImageMagick installed on the remote host is prior to 6.9.10.68-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1596 advisory. A flaw was found in ImageMagick. The -authenticate option is mishandled allowing user-controlled password set for a PDF fil...

CVE-2021-21240

An uncontrolled resource consumption flaw as found in python-httplib2, due to a flawed regular expression used while parsing the WWW-Authenticate header in an HTTP response. This flaw allows a malicious or compromised server to reply with a crafted sequence of characters in the WWW-Authenticate...

CVE-2021-21240

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

PYSEC-2021-16

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

CVE-2021-21240

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...