112 matches found
CVE-2024-45160
Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty clientpassword parameter client secret...
CVE-2024-45160
CVE-2024-45160 affects LemonLDAP::NG versions 2.18.x and 2.19.x prior to 2.19.2. The issue is an incorrect credential validation that allows an attacker to bypass OAuth2 client authentication by supplying an empty client_password (client secret). The vulnerability outcome is a potential credentia...
CVE-2024-45160
Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty clientpassword parameter client secret...
Cybersecurity Certifications: The Gateway to Career Advancement
In today's fast-evolving digital landscape, cybersecurity has become a cornerstone of organizational resilience. As cyber threats grow increasingly sophisticated, the demand for skilled cybersecurity professionals has never been higher. Whether you're a seasoned cyber professional or just startin...
SAP BusinessObjects User Bruteforcer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP BusinessObjects User Bruteforcer', 'Description' = 'This module attempts to bruteforce SAP BusinessObjects users. The dswsbobje interface is...
Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information
Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible to leaking sensitive customer information. "A potential issue in NetSuite's SuiteCommerce platform could allow attackers to access sensitiv...
USN-6948-1 salt vulnerabilities
It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary commands. CVE-2020-16846 It was discovered that Salt incorrectly created certificates with weak file permissions. CVE-2020-17490 It was discovered that Salt...
USN-6948-1: Salt vulnerabilities
It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary commands. CVE-2020-16846 It was discovered that Salt incorrectly created certificates with weak file permissions. CVE-2020-17490 It was discovered that Salt...
Ubuntu 16.04 LTS / 18.04 LTS : Salt vulnerabilities (USN-6948-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6948-1 advisory. It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary...
Red Hat OpenShift 信息泄露漏洞
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. Red Hat OpenShift suffers from an information disclosure vulnerability that stems from a lack of proper credential validation, which...
CVE-2024-28405
SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMSFuntion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges...
IBM SAN Volume Controller Trust Management Issue Vulnerability
IBM SAN Volume Controller is a storage virtualization system from International Business Machines IBM. The system provides a single point of control over storage resources and supports tiered storage, consolidated storage, and disaster recovery. A trust management issue vulnerability exists in IB...
Glewlwyd SSO server security vulnerability
Glewlwyd SSO server is a single sign-on SSO server for multi-factor authentication for OAuth2 and OpenID Connect authentication. A security vulnerability exists in Glewlwyd SSO server versions prior to 2.7.6 that stems from a buffer overflow vulnerability in the FIDO2 credential validation proces...
Veritas Technologies Veritas NetBackup Trust Management Issues Vulnerabilities
Veritas Technologies Veritas NetBackup is a powerful enterprise-class data backup management software from Veritas Technologies, USA. A security vulnerability exists in Veritas NetBackup Snapshot Manager versions prior to 10.2.0.1 that originates from allowing untrusted clients to interact with t...
Design/Logic Flaw
Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access token for another user during the OAuth token exchange due to incorrect credential validation. Th...
CVE-2023-39531 Sentry vulnerable to incorrect credential validation on OAuth token requests
Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access token for another user during the OAuth token exchange due to incorrect credential validation. Th...
CVE-2023-39531
CVE-2023-39531 affects Sentry. From version 10.0.0 up to, but not including, 23.7.2, an attacker with client-side exploits could obtain a valid access token for another user during the OAuth token exchange due to incorrect credential validation. The attack requires a known client_id and an API ap...
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) < 7.6.5 - Authentication Bypass
The improper credential validation on the plugin allows unauthenticated attackers to escalate privileges if administrator's emails is known...
CVE-2023-27582 Full authentication bypass if SASL authorization username is specified
maddy is a composable, all-in-one mail server. Starting with version 0.2.0 and prior to version 0.6.3, maddy allows a full authentication bypass if SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified username, it is accepted...
Rapid7 Nexpose 信任管理问题漏洞
Rapid7 Nexpose is a set of vulnerability management software from Rapid7, Inc. that can utilize scanning results to deeply probe the network. The software supports scanning of configuration environments for errors, vulnerabilities, malware, and more. A security vulnerability exists in Rapid7...