Lucene search

13 matches found

Cvelist
added 2026/05/20 5:45 a.m. · 38 views

CVE-2026-47784

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass...

8.1 CVSS · 0.00085 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-52322

Malicious code in bioql PyPI...

8.8 CVSS · 8.6 AI score · 0.00809 EPSS
Exploits 0 · References 1
Hacker One
added 2025/08/10 6:28 p.m. · 5 views

Mars: SQLi At `███████` via `theme_name`

A SQL injection vulnerability was discovered in a web application's theme selection endpoint through the "theme_name" parameter. Using SQLMap, the vulnerability was demonstrated to be exploitable through both error-based and time-based blind injection attacks against a MySQL database version 5.1 o...

5.8 AI score
Exploits 0
Malwarebytes
added 2024/10/21 1:50 p.m. · 5 views

Internet Archive attackers email support users: “Your data is now in the hands of some random guy”

Those who hacked the Internet Archive haven't gone away. Users of the Internet Archive who have submitted helpdesk tickets are reporting replies to the tickets from the hackers themselves. Internet Archive, most known for its Wayback Machine, is a digital library that allows users to look at...

7 AI score
Exploits 0
Prion
added 2024/01/10 1:15 p.m. · 13 views

Authentication flaw

The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their...

6.5 CVSS · 7.2 AI score · 0.00809 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2024/01/10 1:2 p.m. · 43 views

CVE-2023-48253

The connected documents repeat the CVE-2023-48253 issue: an authenticated remote attacker can read or update arbitrary content in the authentication database via a crafted HTTP request, potentially exfiltrating password hashes and compromising user accounts. Bosch-related entries (Nexo cordless t...

8.8 CVSS · 8.3 AI score · 0.00809 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/01/10 1:2 p.m. · 12 views

CVE-2023-48253

The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their...

8.8 CVSS · 8.6 AI score · 0.00809 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/01/10 1:2 p.m. · 1 view

CVE-2023-48253

The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their...

8.8 CVSS · 8.6 AI score · 0.00809 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/01/10 12:0 a.m. · 2 views

PT-2024-13561 · Rexroth +1 · Nexo Cordless Nutrunner Nxa011S-36V +8

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. This can...

8.8 CVSS · 8.4 AI score · 0.00809 EPSS
Exploits 0 · References 6
OSV
added 2022/07/29 10:28 p.m. · 3 views

GHSA-32FF-4G79-VGFC Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings

Impact An authenticated Admin user could craft HTTP requests to filter users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes...

2.7 CVSS · 5.9 AI score · 0.00344 EPSS
Exploits 0 · References 5
Positive Technologies
added 2022/07/29 12:0 a.m. · 2 views

PT-2022-20589 · Pypi · Flask-Appbuilder

Name of the Vulnerable Software and Affected Versions: Flask-AppBuilder versions prior to 4.1.3 Description: An authenticated Admin user could query other users by their salted and hashed passwords strings, using partial hashed password strings. The response would not include the hashed passwords...

2.7 CVSS · 3.2 AI score · 0.00344 EPSS
Exploits 0 · References 10
Positive Technologies
added 2010/06/16 12:0 a.m. · 4 views

PT-2010-3684 · Pyftpd · Pyftpd

Name of the Vulnerable Software and Affected Versions: Pyftpd version 0.8.4 Description: The issue concerns hard-coded usernames and passwords in the auth db config.py file for the test, user, and roxon accounts. This allows remote attackers to read arbitrary files from the FTP server...

7.5 CVSS · 7.3 AI score · 0.00932 EPSS
Exploits 0 · References 6
Exploit DB
added 2005/03/21 12:0 a.m. · 19 views

BetaParticle blog 2.0/3.0 - 'upload.asp' Arbitrary File Upload

source: https://www.securityfocus.com/bid/12861/info betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported: It is reported that betaparticle blog fails to sufficiently secure the authentication credential database. A remote attacker may...

7.4 AI score
Exploits 0