1240 matches found
Authentication Bypass
GitLab is vulnerable to Authentication Bypass. The vulnerability allows an attacker to bypass 2FA for LDAP users and access some specific pages with Basic Authentication...
Information Exposure
Overview logstash-core is a scalable log and event management tool. Affected versions of this package are vulnerable to Information Exposure. Elasticsearch Output plugin would log to file HTTP basic auth credentials when updating connections after sniffing. Remediation Upgrade logstash-core to...
Authentication flaw
The number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication...
CVE-2023-33868
CVE-2023-33868 concerns an authentication flaw in PiiGAB M-Bus software (notably the 900S family). The root issue is an unlimited number of login attempts, enabling brute-force against HTTP basic authentication. Public sources (NVD, CVE list, PRION, ics-advisory) consistently describe this vulner...
PT-2023-24522 · Piigab · M-Bus Softwarepack +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns the lack of limitation on the number of login attempts, which could allow an attacker to perform a brute force attack on HTTP basic...
CVE-2023-29168
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication...
Design/Logic Flaw
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication...
CVE-2023-29168 PTC Vuforia Studio Insufficiently Protected Credentials
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication...
CVE-2023-29168
CVE-2023-29168 affects PTC Vuforia Studio: the local Vuforia web application does not support HTTPS and federated credentials are passed via basic authentication, exposing credentials. Affected products: Vuforia Studio all versions prior to 9.9. According to the ICS advisory, it is exploitable re...
Unauthenticated Blind SSRF
Description The Oxeye research team found Owncast vulnerable to an Unauthenticated Blind SSRF vulnerability. This vulnerability may allow an unauthenticated attacker to force the Owncast server to send HTTP requests to arbitrary locations using the GET HTTP method. This vulnerability also allows...
SUSE CVE-2023-32319
Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issu...
Nextcloud security vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in the Nextcloud server that stems from the lack of brute-force protection for WebDAV endpoints via the basic authentication header...
PT-2023-23726 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud server versions 24.0.0 through 24.0.10 Nextcloud server versions 25.0.0 through 25.0.4 Nextcloud server versions prior to 26.0.0 Description: The issue is related to missing brute-force protection on the WebDAV endpoints via the bas...
SUSE-SU-2023:0821-1 Security update for grafana
This update for grafana fixes the following issues: - CVE-2022-23552: Fixed SVG processing by adding a dompurify preprocessor step (bsc#1207749). - CVE-2022-39324: Fixed originalUrl spoof security issue (bsc#1207750). - CVE-2022-41723: Fixed go issue to avoid quadratic complexity in HPACK decoding...
K20606443: iControl REST CSRF vulnerability CVE-2020-5922
Security Advisory Description iControl REST does not implement cross-site request forgery (CSRF) protections for users applying basic authentication in a web browser. (CVE-2020-5922) Impact In a successful exploit, an attacker can run JavaScript in the context of the currently logged-in user. For an...
Dynosaur-Rails authorization issue vulnerability
Dynosaur-Rails is the web management interface for Dynosaur. An authorization issue vulnerability exists in harrystech Dynosaur-Rails that stems from a problem with the function basic_auth in the file app/controllers/application_controller.rb, which can lead to incorrect authentication...
PT-2023-10262 · Harrystech · Harrystech Dynosaur-Rails
Name of the Vulnerable Software and Affected Versions: harrystech Dynosaur-Rails, affected versions not specified. Description: A critical vulnerability has been found in harrystech Dynosaur-Rails, affecting the basic_auth function of the file app/controllers/application_controller.rb. The...
SUSE CVE-2004-0600
Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication...