41 matches found
Lemur: LDAP Authentication Globally Disables TLS Certificate Verification When LDAP_USE_TLS Is Enabled
Description Overview When LDAP TLS is enabled LDAPUSETLS = True, Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the LDAP server to intercept all...
PT-2026-38301
Name of the Vulnerable Software and Affected Versions Lemur versions prior to 1.9.0 Description When LDAP TLS is enabled via the LDAP USE TLS variable, the LDAP authentication module in the bind function unconditionally disables TLS certificate verification at the global ldap module level. This...
CVE-2026-30836
A flaw was found in Step CA, an online certificate authority. A remote attacker can exploit this vulnerability by sending an unauthenticated SCEP Simple Certificate Enrollment Protocol Update Request. This allows the attacker to issue unauthorized certificates, potentially leading to a compromise...
CVE-2022-42067
Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference IDOR vulnerability...
EUVD-2014-3089
Malware in sbrugna...
EUVD-2000-1062
Malware in sbrugna...
CVE-2022-42069
Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting XSS vulnerability...
CVE-2022-42071
Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting XSS Vulnerability...
CVE-2022-42070
Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery CSRF...
PT-2022-26231 · Unknown · Online Birth Certificate Management System
Name of the Vulnerable Software and Affected Versions: Online Birth Certificate Management System version 1.0 Description: The issue is related to a persistent Cross Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into the system, which will be executed ...
CVE-2022-42067
Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference IDOR vulnerability...
CVE-2022-42071
Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting XSS Vulnerability...
PT-2022-26234 · Unknown · Online Birth Certificate Management System
Name of the Vulnerable Software and Affected Versions: Online Birth Certificate Management System version 1.0 Description: The Online Birth Certificate Management System is affected by a Cross Site Scripting XSS issue. This allows an attacker to inject malicious scripts into the system, potential...
CVE-2022-42069
Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting XSS vulnerability...
CVE-2022-42069
Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting XSS vulnerability...
CVE-2022-42070
Online Birth Certificate Management System version 1.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability. The root cause is CSRF protection insufficiency that could allow an attacker to perform unintended actions in an authenticated user context. The case is discussed across multip...
PT-2022-26230 · Unknown · Online Birth Certificate Management System
Name of the Vulnerable Software and Affected Versions: Online Birth Certificate Management System version 1.0 Description: The issue is related to an Insecure Direct Object Reference IDOR vulnerability. This means that the system may allow unauthorized access to sensitive information by...
CVE-2022-42069
CVE-2022-42069 affects Online Birth Certificate Management System version 1.0. The Connected documents corroborate a persistent Cross-Site Scripting (XSS) vulnerability in this software, including references noting stored XSS and the vulnerable version. The available data do not specify root caus...
CVE-2022-42067
CVE-2022-42067 concerns an Insecure Direct Object Reference (IDOR) vulnerability in the Online Birth Certificate Management System version 1.0. The available documents identify the affected product and vulnerability class but do not provide deeper root-cause details, exploit vectors, or explicit ...
PT-2022-26233 · Unknown · Online Birth Certificate Management System
Name of the Vulnerable Software and Affected Versions: Online Birth Certificate Management System version 1.0 Description: The issue concerns a Cross Site Request Forgery CSRF problem. This means an attacker could potentially trick a user into performing unintended actions on the system...