41 matches found
PT-2024-22689
Name of the Vulnerable Software and Affected Versions Saleor Storefront versions prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783 Description The issue affects Saleor Storefront, software for building e-commerce experiences. When any user authenticates in the storefront, anonymous users a...
PT-2024-12764 · Ibm · Ibm Openpages With Watson
Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 through 9.0 Description: The issue provides weaker than expected security in an OpenPages environment using Native authentication. An attacker with access to the OpenPages database could exploit this...
PT-2023-29992 · Loytec Electronics Gmbh · Linx Configurator
Name of the Vulnerable Software and Affected Versions: LOYTEC electronics GmbH LINX Configurator all versions Description: The issue concerns the use of HTTP Basic Authentication in the LINX Configurator, which transmits usernames and passwords in base64-encoded cleartext. This allows remote...
PT-2023-26210 · Jenkins · Jenkins Assembla Auth Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Assembla Auth Plugin versions 1.14 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to trick users into logging in to the attacker's account. This issue arises because the plugin does not...
PT-2023-23176 · Mage Ai · Mage Ai
Name of the Vulnerable Software and Affected Versions: mage-ai versions 0.8.34 through 0.8.71 Description: The issue affects mage-ai, an open-source data pipeline tool, when used with user authentication enabled. It allows the terminal to be accessed by users who are not signed in or do not have...
PT-2022-24883 · Unknown +1 · Passport-Saml +1
Name of the Vulnerable Software and Affected Versions: node-saml versions prior to 4.0.0-beta5 Description: A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML...
CVE-2021-41232
Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in versio...
Authentication flaw
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...
PT-2021-9680 · Apache · Apache Zeppelin
Name of the Vulnerable Software and Affected Versions: Apache Zeppelin versions 0.9.0 and prior versions Description: The issue is an authentication bypass vulnerability that allows an attacker to bypass the Zeppelin authentication mechanism and act as another user. Recommendations: For Apache...
Panasonic Sanyo CCTV Network Camera 2.03-0x - Cross-Site Request Forgery (Change Password)
Exploit Title: Panasonic Sanyo CCTV Network Camera 2.03-0x - 'Disable Authentication / Change Password' CSRF Date: 13.07.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.panasonic.com !-- Panasonic Sanyo CCTV Network Camera 2.03-0x CSRF Disable Authentication / Change Password Vendor:...
Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery
!-- Panasonic Sanyo CCTV Network Camera 2.03-0x CSRF Disable Authentication / Change Password Vendor: Panasonic Corporation | SANYO Electric Co., Ltd. Product web page: https://www.panasonic.com https://www.sanyo-av.com https://panasonic.net/sanyo/cs/index.html Affected version: Model: VCC-HD5600...
Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery Vulnerability
Panasonic Sanyo CCTV Network Camera version 2.03-0x allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. These actions can be exploited to perform authentication detriment and account password change with administrative privilege...
PT-2021-11763 · Unknown · Phpgurukul Employee Record Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Employee Record Management System version 1.1 Description: The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication. This is a SQL injection vulnerability. Recommendations: For PHPGurukul Employ...
CVE-2021-21335 Basic Authentication can be bypassed using a malformed username
In the SPNEGO HTTP Authentication Module for nginx spnego-http-auth-nginx-module before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of...
Sickbeard 0.1 Cross Site Request Forgery
Exploit Title: Sickbeard 0.1 - Cross-Site Request Forgery Disable Authentication Google Dork: https://www.shodan.io/search?query=sickbeard Date: 2020-06-06 Exploit Author: bdrake Vendor Homepage: https://sickbeard.com/ Software Link: https://github.com/midgetspy/Sick-Beard Version: alpha master -...
Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication) Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Sickbeard 0.1 - Cross-Site Request Forgery Disable Authentication Google Dork: https://www.shodan.io/search?query=sickbeard Exploit Author: bdrake Vendor Homepage: https://sickbeard.com/ Software Link:...
Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication)
Exploit Title: Sickbeard 0.1 - Cross-Site Request Forgery Disable Authentication Google Dork: https://www.shodan.io/search?query=sickbeard Date: 2020-06-06 Exploit Author: bdrake Vendor Homepage: https://sickbeard.com/ Software Link: https://github.com/midgetspy/Sick-Beard Version: alpha master -...
The vulnerability of the sudoer account in the Runas ALL system administration software allows a hacker to disable user authentication using a local password.
The vulnerability of the sudoer account in the Runas ALL system administration program is related to improper access control. Exploiting this vulnerability could allow a malicious actor to disable user authentication using the local password...
PT-2016-4857 · Ntp +8 · Ntp +10
Name of the Vulnerable Software and Affected Versions: ntp versions 4.2.8p4 NTPSec version a5fb34b9cc89b92a8fef2f459004865c93bb7f92 Description: An issue exists in the message authentication functionality of libntp, allowing an attacker to send crafted messages in an attempt to recover the messag...
PT-2007-3578 · Openssh +2 · Openssh +2
Name of the Vulnerable Software and Affected Versions: OpenSSH versions 4.6 and earlier Description: The issue allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY. This is because S/KEY displays a different response if the user account exist...