13 matches found
EUVD-2022-36982
Malicious code in bioql PyPI...
PT-2025-30177 · Metasoft · Metacrm
Name of the Vulnerable Software and Affected Versions: Metasoft MetaCRM versions up to 6.4.2 Description: A critical issue exists in Metasoft MetaCRM. The vulnerability affects an unknown part of the /debug.jsp file and leads to improper authentication. The attack can be initiated remotely. The...
WordPress WP Compress plugin <= 6.30.30 - Broken Authentication Vulnerability
Broken Authentication Vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin WP Compress versions <= 6.30.30...
CVE-2024-29892
ZITADEL, open source authentication management software, uses Go templates to render the login UI. Under certain circumstances an action could set reserved claims managed by ZITADEL. For example it would be possible to set the claim urn:zitadel:iam:user:resourceowner:name. To compensate for this ...
Medium: nginx
Issue Overview: When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
CVE-2021-43447
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication bypass in the document editor allows attackers to edit documents without authentication...
SimpleSAMLphp Cross-Site Scripting Vulnerability
SimpleSAMLphp is a PHP authentication application that implements SAML 2.0 service provider and identity provider functionality. SimpleSAMLphp suffers from a cross-site scripting vulnerability that stems from unknown processing, which can be manipulated to cause cross-site scripting...
ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path
Exploit Title: ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2021-03-21 Software Version : ActivIdentity 8.2 Vendor Homepage : https://www.hidglobal.com/ Tested on OS: Windows 7 Pro ActivIdentity was Acquired by HID Global in October 2010...
WEM 4.6 - Error accessing to the admin console: "You are not registered as a Workspace Environment Management administrator."
Error while connecting to WEM admin console: "You are not registered as a Workspace Environment Management Administrator. Therefore, you are not allowed to access the service. Please contact your Workspace Environment Management Administrator to gain access."...
Error: "32 authentication policies are already bound" While Binding Authentication Policy
When multiple (two-factor) policies are used for one virtual server and the total number of policies exceeds 32, the error message "32 authentication policies are already bound" pops up...
IBM Security Access Manager for Web Security Bypass Vulnerability
IBM Security Access Manager (ISAM) for Web (formerly known as IBM Tivoli Access Manager for e-business) is a suite of IBM products for user authentication, authorization, and Web single sign-on solutions that provide user access management and Web application protection functions. A security bypass...
EMC RSA Adaptive Authentication cross-site scripting
Flash file cross-site scripting...
Fingerprint Authentication Software for Sony Pocket Bit installs hidden folders and files
Overview: Fingerprint Authentication Software for Sony Pocket Bit installs hidden folders and files, that is, the folders and files are not visible using ordinary system tools. Some models of Sony Pocket Bit series contain Fingerprint Authentication Software. Fingerprint Authentication Software...