33 matches found
Authentication flaw
An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function...
CVE-2023-39550
Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function...
Percona Monitoring and Management Path Traversal Vulnerability
Percona Monitoring and Management is an open-source database monitoring solution from Percona, USA. A security vulnerability exists in Percona Monitoring and Management server version 2.x prior to 2.37.1, which stems from the authentication function in authserver.go that does not properly formali...
Synology DiskStation Manager Buffer Overflow Vulnerability
Synology DiskStation Manager (DSM) is an operating system for use on Network Storage Servers (NAS) from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A buffer overflow vulnerability exists in Synology DiskStation Manager (DSM),...
Command injection
SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request a...
PT-2021-22902 · Sap · Sap Internet Communication Framework
Name of the Vulnerable Software and Affected Versions: SAP Internet Communication framework (ICM) versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785. Description: The issue allows an attacker with logon functionality to exploit the authentication function. This can be done...
Denial Of Service
libssh is vulnerable to denial of service. The vulnerability exists due to authentication function which is using the buffer size of the initial secret key which can cause a heap-buffer overflow...
httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4
It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied...
Denial of Service Vulnerability in Damon Database
Damon Database Management System is a database management system introduced by Damon, abbreviated as DM. A buffer overflow vulnerability exists in the authentication function of Damon Database. It can cause the database to go down or even cause the operating system to be controlled...
UBUNTU-CVE-2014-9293
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...
CVE-2012-6029
Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7)...