CVE-2026-47784
In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass...
EUVD-2023-52322
Malicious code in bioql PyPI...
Mars: SQLi At `███████` via `theme_name`
A SQL injection vulnerability was discovered in a web application's theme selection endpoint through the `theme_name` parameter. Using SQLMap, the vulnerability was demonstrated to be exploitable through both error-based and time-based blind injection attacks against a MySQL database version 5.1 o...
CVE-2023-48253
The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their...
Smiths Detection HI-SCAN 6040i Hitrax HX-03-19-I security vulnerability
The Smiths Detection HI-SCAN 6040i Hitrax HX-03-19-I is an entry-level X-ray equipment electronic component from Smiths Detection, UK. A security vulnerability exists in the Smiths Detection HI-SCAN 6040i Hitrax HX-03-19-I, which stems from an issue in the AsDB service that allows an attacker to...
Internet Archive attackers email support users: “Your data is now in the hands of some random guy”
Those who hacked the Internet Archive haven't gone away. Users of the Internet Archive who have submitted helpdesk tickets are reporting replies to the tickets from the hackers themselves. Internet Archive, best known for its Wayback Machine, is a digital library that allows users to look at...
Aruba Networks ArubaOS security vulnerability
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches, from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that originates from a buffer overflow in the underlying Local User...
PT-2024-3680 · Aruba · Arubaos
Name of the Vulnerable Software and Affected Versions: ArubaOS (affected versions not specified) Description: The issue is a buffer overflow vulnerability in the Local User Authentication Database service. This vulnerability could lead to unauthenticated remote code execution by sending...
Authentication flaw
The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their...
CVE-2023-48253
The connected documents repeat the CVE-2023-48253 issue: an authenticated remote attacker can read or update arbitrary content in the authentication database via a crafted HTTP request, potentially exfiltrating password hashes and compromising user accounts. Bosch-related entries (Nexo cordless t...
PT-2024-13561 · Rexroth +1 · Nexo Cordless Nutrunner Nxa011S-36V +8
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. This can...
GHSA-32FF-4G79-VGFC Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
Impact An authenticated Admin user could craft HTTP requests to filter users by their salted and hashed password strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes...
PT-2022-20589 · Pypi · Flask-Appbuilder
Name of the Vulnerable Software and Affected Versions: Flask-AppBuilder versions prior to 4.1.3 Description: An authenticated Admin user could query other users by their salted and hashed password strings, using partial hashed password strings. The response would not include the hashed passwords...
PT-2010-3684 · Pyftpd · Pyftpd
Name of the Vulnerable Software and Affected Versions: Pyftpd version 0.8.4 Description: The issue concerns hard-coded usernames and passwords in the auth db config.py file for the test, user, and roxon accounts. This allows remote attackers to read arbitrary files from the FTP server...
BetaParticle blog 2.0/3.0 - 'upload.asp' Arbitrary File Upload
source: https://www.securityfocus.com/bid/12861/info betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported: It is reported that betaparticle blog fails to sufficiently secure the authentication credential database. A remote attacker may...
CVE-2000-0143
The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP...