17 matches found

Debian
added 2026/06/07 7:25 p.m. · 12 views

[SECURITY] [DSA 6327-1] request-tracker4 security update

Debian Security Advisory DSA-6327-1 · https://www.debian.org/security/ · Salvatore Bonaccorso · June 07, 2026 · https://www.debian.org/security/faq ...

CVSS 8.8 · AI score 5.5 · EPSS 0.00392
Exploits: 0

Cvelist
added 2026/05/22 9:36 p.m. · 14 views

CVE-2026-41076 RT: LDAP authentication bypass via empty password

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker m...

CVSS 8.1 · EPSS 0.00392
Exploits: 0 · References: 3

Positive Technologies
added 2026/05/22 12:0 a.m. · 12 views

PT-2026-42845

Name of the Vulnerable Software and Affected Versions: RT versions prior to 5.0.10; RT versions 6.0.0 through 6.0.2. Description: An authentication bypass exists in installations using LDAP/AD for user authentication. Under specific LDAP server configurations, an attacker can authenticate as any...

CVSS 8.1 · AI score 5.8 · EPSS 0.00392
Exploits: 0 · References: 4

Ubuntu
added 2026/04/28 12:52 p.m. · 11 views

USN-8136-2: Dovecot regression

USN-8136-1 fixed vulnerabilities in Dovecot. The update caused a regression on Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An...

CVSS 5.3 · AI score 5.9 · EPSS 0.00427
Exploits: 1 · References: 1

CVE
added 2026/04/07 12:28 p.m. · 18 views

CVE-2026-28808

CVE-2026-28808 is an incorrect authorization vulnerability in Erlang OTP (inets modules). The root cause is a script_alias path mismatch where mod_auth checks DocumentRoot-relative paths while mod_cgi executes ScriptAlias-resolved paths, allowing unauthenticated access to CGI scripts protected by...

CVSS 9.8 · AI score 5.9 · EPSS 0.0053
Exploits: 0 · References: 9 · Affected Software: 2

Positive Technologies
added 2025/08/08 12:0 a.m. · 4 views

PT-2025-32383 · Openbao · Openbao

Name of the Vulnerable Software and Affected Versions: OpenBao versions 2.3.1 and below. Description: OpenBao allows the assignment of policies and MFA attribution based on entity aliases. When the username_as_alias=true parameter in the LDAP auth method is used, the supplied username is used...

CVSS 6.5 · AI score 6.7 · EPSS 0.00468
Exploits: 0 · References: 12

RedhatCVE
added 2025/05/22 11:11 a.m. · 16 views

CVE-2013-0966

The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI...

CVSS 6.4 · AI score 6.7 · EPSS 0.01699
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 4:4 a.m. · 7 views

CVE-2013-7292

VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote authenticated users to bypass Active Directory (AD) authentication by entering only a DIGIPASS one-time password, instead of the intended combination of this one-time password and a multiple-time AD password...

CVSS 3.5 · AI score 7.1 · EPSS 0.01085
Exploits: 0 · References: 1

OSV
added 2024/11/20 9:15 a.m. · 5 views

CVE-2024-10127

Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration...

CVSS 9.8 · AI score 5.8 · EPSS 0.00597
Exploits: 0 · References: 2

OSV
added 2023/11/20 9:15 a.m. · 3 views

DEBIAN-CVE-2022-46337

A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...

CVSS 9.8 · AI score 7.1 · EPSS 0.01418
Exploits: 0 · References: 1

CNVD
added 2015/06/17 12:0 a.m. · 2 views

EMC Unified Infrastructure Manager/Provisioning Authentication Bypass Vulnerability

EMC Unified Infrastructure Manager is a manager built for converged infrastructures that automates the configuration, provisioning, viewing of topology, monitoring of events and availability. A security vulnerability exists in the use of LDAP authentication for EMC UIM configurations, which allow...

CVSS 10 · AI score 7.1 · EPSS 0.03368
Exploits: 0 · References: 1

RedHat Linux
added 2013/02/04 11:33 p.m. · 2 views

JBoss: allows empty password to authenticate against LDAP

The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password...

CVSS 7.5 · AI score 5.9 · EPSS 0.02344
Exploits: 0 · References: 4

CVE
added 2010/09/15 6:0 p.m. · 97 views

CVE-2010-2731

CVE-2010-2731 describes an issue in Microsoft IIS 5.1 on Windows XP SP3 where directory-based Basic Authentication can be bypassed, allowing remote execution of ASP files via a crafted request. The root cause is described in public sources as an authentication bypass related to NTFS stream handli...

CVSS 6.8 · AI score 6.6 · EPSS 0.31118
Exploits: 3 · References: 2

Cvelist
added 2010/09/15 6:0 p.m. · 26 views

CVE-2010-2731

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass...

AI score 6.5 · EPSS 0.31118
Exploits: 3 · References: 2

Check Point Advisories
added 2010/09/14 12:0 a.m. · 39 views

Microsoft IIS Directory Authentication Bypass (MS10-065; CVE-2010-1899; CVE-2010-2731)

IIS is a collection of Internet services packaged with several versions of the Windows operating system. An elevation of privilege vulnerability has been reported in Microsoft Internet Information Services (IIS). The vulnerability is due to the way IIS parses specially crafted URLs. An attacker may...

CVSS 6.8 · AI score 6.4 · EPSS 0.57231
Exploits: 6

securityvulns
added 2010/07/07 12:0 a.m. · 571 views

IIS5.1 Directory Authentication Bypass by using “:$I30:$Index_Allocation”

Description: Although IIS5 is very old, finding one is not impossible! Therefore, I want to introduce a technique to bypass the IIS authentication methods on a directory. This vulnerability is because of using Alternate Data Stream to open a protected folder. All of IIS authentication methods can...

AI score 0.6
Exploits: 0

Positive Technologies
added 2007/05/02 12:0 a.m. · 4 views

PT-2007-3787 · Cisco · Cisco Asa +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA and PIX versions 7.1 before 7.1249 Cisco Adaptive Security Appliance ASA and PIX versions 7.2 before 7.2217 Description: The issue allows remote attackers to cause a denial of service, resulting in a devi...

CVSS 7.8 · AI score 7.5 · EPSS 0.02877
Exploits: 0 · References: 8