9 matches found
Keycloak Security Vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from a session fixation issue in the login endpoint. This vulnerability could allow unauthenticated attackers to intercept the authentication process,...
Bizerba BRAIN2 Security Vulnerability
Bizerba BRAIN2 is an industrial software platform from Bizerba, Germany. A security vulnerability exists in Bizerba BRAIN2 that stems from unencrypted communication when using Active Directory services, which could lead to interception of authentication data and compromise of confidentiality...
CVE-2024-26013
An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and...
A vulnerability in the D-Link DIR-600 router firmware, related to the manipulation of cross-site requests, allows an attacker to escalate their privileges.
A vulnerability in the D-Link DIR-600 router firmware is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to escalate their privileges by intercepting authentication requests remotely...
UPS VDP: Admin Authentication Bypass Leads to Admin Account Takeover
Hello Team, I found that I can bypass the login page of the Admin account by intercepting the response of the login request of the connectnb.ups.com subdomain and changing status from false to true. Steps To Reproduce: 1. Open https://connectnb.ups.com/Layout/login 2. Enter Admin as a Username and 1111 as...
CVE-2021-34574
In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is sent to t...
A vulnerability in the Advantech WebAccess remote monitoring software, related to the manipulation of cross-site requests, allows an attacker to intercept the authentication of any user.
A vulnerability in the Advantech WebAccess remote monitoring software is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor, operating remotely, to intercept the authentication of any user using special scripts to simulate trusted accounts...
webERP 4.3.8 - reportwriterFormMaker.php?ReportID SQL Injection
webERP 4.3.8 - reportwriterFormMaker.php?ReportID SQL Injection source: https://www.securityfocus.com/bid/50713/info webERP is prone to information-disclosure, SQL-injection, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may...
KTH Kerberos 4 - Arbitrary Proxy Usage
KTH Kerberos 4 - Arbitrary Proxy Usage source: https://www.securityfocus.com/bid/2090/info Kerberos is a widely used network service authentication system. The version of Kerberos developed and maintained by KTH Swedish Royal Institute of Technology contains a vulnerability that may allow/assist ...