Lucene search
K

112 matches found

Cvelist
Cvelist
added 2024/10/09 12:0 a.m.23 views

CVE-2024-45160

Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty clientpassword parameter client secret...

0.00515EPSS
Exploits0References5
CVE
CVE
added 2024/10/09 12:0 a.m.60 views

CVE-2024-45160

CVE-2024-45160 affects LemonLDAP::NG versions 2.18.x and 2.19.x prior to 2.19.2. The issue is an incorrect credential validation that allows an attacker to bypass OAuth2 client authentication by supplying an empty client_password (client secret). The vulnerability outcome is a potential credentia...

9.1CVSS7.2AI score0.00515EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/10/09 12:0 a.m.16 views

CVE-2024-45160

Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty clientpassword parameter client secret...

9.1CVSS5.3AI score0.00515EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/09/27 9:4 a.m.15 views

Cybersecurity Certifications: The Gateway to Career Advancement

In today's fast-evolving digital landscape, cybersecurity has become a cornerstone of organizational resilience. As cyber threats grow increasingly sophisticated, the demand for skilled cybersecurity professionals has never been higher. Whether you're a seasoned cyber professional or just startin...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.190 views

SAP BusinessObjects User Bruteforcer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP BusinessObjects User Bruteforcer', 'Description' = 'This module attempts to bruteforce SAP BusinessObjects users. The dswsbobje interface is...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/08/20 5:27 a.m.18 views

Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information

Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible to leaking sensitive customer information. "A potential issue in NetSuite's SuiteCommerce platform could allow attackers to access sensitiv...

6.7AI score
Exploits0
OSV
OSV
added 2024/08/08 7:21 p.m.5 views

USN-6948-1 salt vulnerabilities

It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary commands. CVE-2020-16846 It was discovered that Salt incorrectly created certificates with weak file permissions. CVE-2020-17490 It was discovered that Salt...

9.8CVSS6.9AI score0.99585EPSS
Exploits13References13
Ubuntu
Ubuntu
added 2024/08/08 7:21 p.m.38 views

USN-6948-1: Salt vulnerabilities

It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary commands. CVE-2020-16846 It was discovered that Salt incorrectly created certificates with weak file permissions. CVE-2020-17490 It was discovered that Salt...

9.8CVSS7.3AI score0.99585EPSS
Exploits13
Tenable Nessus
Tenable Nessus
added 2024/08/08 12:0 a.m.38 views

Ubuntu 16.04 LTS / 18.04 LTS : Salt vulnerabilities (USN-6948-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6948-1 advisory. It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary...

9.8CVSS7.5AI score0.99585EPSS
Exploits13References13
CNNVD
CNNVD
added 2024/07/26 12:0 a.m.4 views

Red Hat OpenShift 信息泄露漏洞

Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. Red Hat OpenShift suffers from an information disclosure vulnerability that stems from a lack of proper credential validation, which...

5.3CVSS5.2AI score0.00414EPSS
Exploits0References4
OSV
OSV
added 2024/03/29 3:15 p.m.6 views

CVE-2024-28405

SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMSFuntion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges...

7.2CVSS5.8AI score0.00801EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/07 12:0 a.m.5 views

IBM SAN Volume Controller Trust Management Issue Vulnerability

IBM SAN Volume Controller is a storage virtualization system from International Business Machines IBM. The system provides a single point of control over storage resources and supports tiered storage, consolidated storage, and disaster recovery. A trust management issue vulnerability exists in IB...

7.5CVSS6.7AI score0.00546EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/23 12:0 a.m.4 views

Glewlwyd SSO server security vulnerability

Glewlwyd SSO server is a single sign-on SSO server for multi-factor authentication for OAuth2 and OpenID Connect authentication. A security vulnerability exists in Glewlwyd SSO server versions prior to 2.7.6 that stems from a buffer overflow vulnerability in the FIDO2 credential validation proces...

9.8CVSS7.4AI score0.00882EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/11 12:0 a.m.5 views

Veritas Technologies Veritas NetBackup Trust Management Issues Vulnerabilities

Veritas Technologies Veritas NetBackup is a powerful enterprise-class data backup management software from Veritas Technologies, USA. A security vulnerability exists in Veritas NetBackup Snapshot Manager versions prior to 10.2.0.1 that originates from allowing untrusted clients to interact with t...

9.8CVSS6.7AI score0.00334EPSS
Exploits0References3
Prion
Prion
added 2023/08/09 5:15 p.m.24 views

Design/Logic Flaw

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access token for another user during the OAuth token exchange due to incorrect credential validation. Th...

3.6CVSS6.6AI score0.00308EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/09 4:9 p.m.18 views

CVE-2023-39531 Sentry vulnerable to incorrect credential validation on OAuth token requests

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access token for another user during the OAuth token exchange due to incorrect credential validation. Th...

6.5CVSS6.7AI score0.00308EPSS
Exploits0References1
CVE
CVE
added 2023/08/09 4:9 p.m.2502 views

CVE-2023-39531

CVE-2023-39531 affects Sentry. From version 10.0.0 up to, but not including, 23.7.2, an attacker with client-side exploits could obtain a valid access token for another user during the OAuth token exchange due to incorrect credential validation. The attack requires a known client_id and an API ap...

6.8CVSS6.4AI score0.00308EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/28 12:0 a.m.38 views

WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) < 7.6.5 - Authentication Bypass

The improper credential validation on the plugin allows unauthenticated attackers to escalate privileges if administrator's emails is known...

9.8CVSS7.2AI score0.46242EPSS
Exploits4Affected Software1
Cvelist
Cvelist
added 2023/03/13 9:40 p.m.40 views

CVE-2023-27582 Full authentication bypass if SASL authorization username is specified

maddy is a composable, all-in-one mail server. Starting with version 0.2.0 and prior to version 0.6.3, maddy allows a full authentication bypass if SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified username, it is accepted...

9.1CVSS10AI score0.01019EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/02/01 12:0 a.m.6 views

Rapid7 Nexpose 信任管理问题漏洞

Rapid7 Nexpose is a set of vulnerability management software from Rapid7, Inc. that can utilize scanning results to deeply probe the network. The software supports scanning of configuration environments for errors, vulnerabilities, malware, and more. A security vulnerability exists in Rapid7...

5.3CVSS6.1AI score0.00295EPSS
Exploits0References3
Rows per page
Query Builder