17 matches found
[SECURITY] [DSA 6327-1] request-tracker4 security update
Debian Security Advisory DSA-6327-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 07, 2026 https://www.debian.org/security/faq ...
CVE-2026-41076 RT: LDAP authentication bypass via empty password
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker m...
PT-2026-42845
Name of the Vulnerable Software and Affected Versions: RT versions prior to 5.0.10; RT versions 6.0.0 through 6.0.2 Description: An authentication bypass exists in installations using LDAP/AD for user authentication. Under specific LDAP server configurations, an attacker can authenticate as any...
USN-8136-2: Dovecot regression
USN-8136-1 fixed vulnerabilities in Dovecot. The update caused a regression on Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An...
CVE-2026-28808
CVE-2026-28808 is an incorrect authorization vulnerability in Erlang OTP (inets modules). The root cause is a script_alias path mismatch where mod_auth checks DocumentRoot-relative paths while mod_cgi executes ScriptAlias-resolved paths, allowing unauthenticated access to CGI scripts protected by...
PT-2025-32383 · Openbao · Openbao
Name of the Vulnerable Software and Affected Versions: OpenBao versions 2.3.1 and below Description: OpenBao allows the assignment of policies and MFA attribution based on entity aliases. When the username_as_alias=true parameter in the LDAP auth method is used, the supplied username is used...
CVE-2013-0966
The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI...
CVE-2013-7292
VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote authenticated users to bypass Active Directory (AD) authentication by entering only a DIGIPASS one-time password, instead of the intended combination of this one-time password and a multiple-time AD password...
CVE-2024-10127
Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration...
DEBIAN-CVE-2022-46337
A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...
EMC Unified Infrastructure Manager/Provisioning Authentication Bypass Vulnerability
EMC Unified Infrastructure Manager is a manager built for converged infrastructures that automates the configuration, provisioning, viewing of topology, monitoring of events and availability. A security vulnerability exists in the use of LDAP authentication for EMC UIM configurations, which allow...
JBoss: allows empty password to authenticate against LDAP
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password...
CVE-2010-2731
CVE-2010-2731 describes an issue in Microsoft IIS 5.1 on Windows XP SP3 where directory-based Basic Authentication can be bypassed, allowing remote execution of ASP files via a crafted request. The root cause is described in public sources as an authentication bypass related to NTFS stream handli...
CVE-2010-2731
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass...
Microsoft IIS Directory Authentication Bypass (MS10-065; CVE-2010-1899; CVE-2010-2731)
IIS is a collection of Internet services packaged with several versions of the Windows operating system. An elevation of privilege vulnerability has been reported in Microsoft Internet Information Services (IIS). The vulnerability is due to the way IIS parses specially crafted URLs. An attacker may...
IIS5.1 Directory Authentication Bypass by using “:$I30:$Index_Allocation”
Description: Although IIS5 is very old, finding one is not impossible! Therefore, I want to introduce a technique to bypass the IIS authentication methods on a directory. This vulnerability is because of using Alternate Data Stream to open a protected folder. All of IIS authentication methods can...
PT-2007-3787 · Cisco · Cisco Asa +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) and PIX versions 7.1 before 7.1249; Cisco Adaptive Security Appliance (ASA) and PIX versions 7.2 before 7.2217 Description: The issue allows remote attackers to cause a denial of service, resulting in a devi...