29 matches found
PT-2022-24885 · Ree6 · Ree6
Name of the Vulnerable Software and Affected Versions: Ree6 versions prior to 1.9.9 Description: This issue allows other server owners to create configurations that contain a channel from another server as a target, enabling the sending of log messages to another Guild channel and bypassing raid...
GHSA-MH8G-HPRG-8363 Hard-Coded Key Used For Remember-me Token in Opencast
Impact The security configuration in etc/security/mhdefaultorg.xml enables a remember-me cookie based on a hash created from the username, password, and an additional system key. Opencast has hard-coded this system key in the large XML file and never mentions to change this, basically ensuring th...
httpd: Weak Digest auth nonce generation in mod_auth_digest
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed...
ALPINE-CVE-2018-1312
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed...
CVE-2017-11319
Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms...
Input validation
Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms...
CVE-2017-11319
Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms...
Perspective ICM Investigation And Case 5.1.1.16 Privilege Escalation
Exploit Title: Privilege Escalation - Perspective ICM Investigation & Case - 5.1.1.16 Date Reported to vendor: Jun 28, 2017 Date Accepted by vendor: Jun 11, 2017 Exploit Author: [email protected] Vendor Homepage: www.resolver.com Version: Perspective ICM Investigation & Case -...
CVE-2017-12756
Command inject in transfer from another server in extplorer 2.1.9 and prior allows attacker to inject command via the userfile0 parameter...