Lucene search
+L

6 matches found

OpenVAS
OpenVAS
added 2020/10/29 12:0 a.m.24 views

Ubuntu: Security Advisory (USN-4609-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.8AI score0.46323EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2020/10/28 7:46 p.m.77 views

USN-4609-1: GOsa vulnerabilities

Fabian Henneke discovered that GOsa incorrectly handled client cookies. An authenticated user could exploit this with a crafted cookie to perform file deletions in the context of the user account that runs the web server. CVE-2019-14466 It was discovered that GOsa incorrectly handled user access...

9.8CVSS7.5AI score0.46323EPSS
Exploits0
NVD
NVD
added 2019/08/15 5:15 p.m.18 views

CVE-2019-11187

Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...

9.8CVSS9.5AI score0.01749EPSS
Exploits0References2
OSV
OSV
added 2019/08/15 5:15 p.m.8 views

CVE-2019-11187

Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...

9.8CVSS9.5AI score
Exploits0References2
CVE
CVE
added 2019/08/15 4:21 p.m.93 views

CVE-2019-11187

CVE-2019-11187 concerns the GOsa LDAP class in GONICUS GOsa up to 2019-04-11, where an incorrect access-control flaw can allow login to any account whose username contains the case-insensitive substring “success” when an arbitrary password is provided. The issue is described as an authorization b...

9.8CVSS7.8AI score0.01749EPSS
Exploits0References2Affected Software1
Debian
Debian
added 2019/08/11 2:9 a.m.129 views

[SECURITY] [DLA 1875-1] fusiondirectory security update

Package : fusiondirectory Version : 1.0.8.2-5+deb8u2 CVE ID : CVE-2019-11187 In FusionDirectory, an LDAP web-frontend written in PHP originally derived GOsa² 2.6.x, a vulnerability was found that could theoretically lead to unauthorized access to the LDAP database managed with FusionDirectory. LD...

9.8CVSS7.2AI score0.01749EPSS
Exploits0
Rows per page
Query Builder