17 matches found
OpenAM injection vulnerability
OpenAM is an all-in-one access management solution organized by the OpenAM Consortium. It provides authentication, authorization, delegation, and federation capabilities. An injection vulnerability exists in Open Access Management OpenAM versions prior to 16.0.0 that stems from the...
CVE-2023-51141
An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component...
CVE-2025-3931
Yggdrasil (the system daemon that uses a D-Bus message broker to route data to worker processes) has a local privilege escalation flaw (CVE-2025-3931) due to missing authentication/authorization when dispatching messages to workers. An attacker with local system access could leverage this unprote...
Scaling Dynamic Application Security Testing (DAST)
Introduction Microsoft engineering teams use the Security Development Lifecycle to ensure our products are built in alignment with Microsoft’s Secure Future Initiative security principles: Secure by Design, Secure by Default, and Secure Operations. A key component of the Security Development...
CVE-2024-54660
A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the...
CVE-2024-54660
CVE-2024-54660 affects Cloudera JDBC Connector for Hive (before 2.6.26) and JDBC Connector for Impala (before 2.6.35). The issue is a JNDI injection triggered by untrusted values in the JAAS-using krbJAASFile parameter within the JDBC URL during connection, allowing potential remote code executio...
PT-2024-40122 · Neos · Neos
Name of the Vulnerable Software and Affected Versions: Neos versions 2.0.x Description: The issue allows for several XSS attacks, enabling an attacker to tamper with page rendering, redirect victims to a fake login page, or capture user credentials. An attacker could also gain access to the serve...
PT-2024-14055 · Zkteco · Zkteco Biotime
Name of the Vulnerable Software and Affected Versions: ZKTeko BioTime versions 8.5.4 and earlier Description: An issue in the Authentication & Authorization component allows a remote attacker to obtain sensitive information. Monitor access logs for unusual activity. Recommendations: For ZKTeko...
Authentication flaw
DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service JAAS authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...
SecurEnvoy SecurMail 9.1.501 XSS / CSRF / Traversal
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: SecurEnvoy SecurMail vulnerable version: 9.1.501 fixed version: 9.2.501 or hotfix patch "1012018" CVE number: CVE-2018-7701,...
USN-3179-1: OpenJDK 8 vulnerabilities
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes...
CVE-2014-3612
The LDAPLoginModule implementation in the Java Authentication and Authorization Service JAAS in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier...
CVE-2015-6524
The LDAPLoginModule implementation in the Java Authentication and Authorization Service JAAS in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-361...
Blue Coat Authentication and Authorization Agent Remote Overflow
The version of Blue Coat Authentication and Authorization Agent installed on the remote Windows host is earlier than build 60258. It is, therefore, potentially affected by a stack-based buffer overflow vulnerability when handling specially crafted TCP packets on port 16102. By exploiting this fla...