152 matches found
CVE-2016-0903
EMC Avamar Server (ADS/AVE) before 7.3.0-233 uses client-side authentication, allowing remote attackers to spoof clients and read backup data via a modified agent. Affected: Avamar Data Store and Avamar Virtual Edition. Impact: read-backup data. Remediation: upgrade to 7.3.0-233 or later as docum...
The vulnerability of the Zyxel ZLD operating system, which allows a malicious individual to trigger a service failure.
The Web interface of the Zyxel ZyWALL USG 300 network switch/router contains a vulnerability related to authentication on the client side. This allows a malicious individual to obtain device administrator privileges by manipulating the “IsAdmin” parameter...
B.A.S C2Box Security Bypass Vulnerability
B.A.S C2Box is a financial management solution for managing domestic and cross-border payment processes from B.A.S France. A security vulnerability exists in B.A.S C2Box 4.0.0 r19171 and prior versions, which stems from a failure to protect server-side code when performing authentication on the...
Gratipay: auto-logout after 20 minutes
Hi, Session is not getting expired even after keeping the application idle for 20 min and after browser closure. Information: JavaScript code can be used by the web application in all or critical pages to automatically logout client sessions after the idle timeout expires, for example, by...
Mageia: Security Advisory (MGASA-2015-0283)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Basware Banking Denial of Service Vulnerability
Basware Banking Maksuliikenne is a suite of software from the Finnish company Basware that establishes connections with banks to manage their own finances. A security vulnerability exists in Basware Banking version 8.90.07 and earlier, which arises from the program's reliance on the client to...
MGASA-2015-0282 Updated wesnoth packages fix security vulnerability
Toom Lõhmus discovered that the Lua API and preprocessor in the Battle for Wesnoth game up to version 1.12.2 included could lead to client-side authentication information disclosure using maliciously crafted files with the .pdb extension CVE-2015-5069, CVE-2015-5070. This issue has been fixed usi...
Updated wesnoth packages fix security vulnerability
Toom Lõhmus discovered that the Lua API and preprocessor in the Battle for Wesnoth game up to version 1.12.2 included could lead to client-side authentication information disclosure using maliciously crafted files with the .pdb extension CVE-2015-5069, CVE-2015-5070. This issue has been fixed usi...
Updated wesnoth packages fix security vulnerability
Toom Lõhmus discovered that the Lua API and preprocessor in the Battle for Wesnoth game up to version 1.12.2 included could lead to client-side authentication information disclosure using maliciously crafted files with the .pdb extension CVE-2015-5069, CVE-2015-5070. This issue has been fixed in...
CVE-2015-2847
Honeywell Tuxedo Touch before 5.2.19.0VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream...
CVE-2015-2847
Honeywell Tuxedo Touch Controller (prior to 5.2.19.0_VA) is affected by CVE-2015-2847 due to client-side authentication performed in JavaScript. By intercepting and dropping USERACCT=… requests from the client-server data stream, a remote attacker can bypass authentication and access restricted p...
CVE-2009-0216
GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module...