Lucene search
K

41 matches found

Positive Technologies
Positive Technologies
added 2024/03/20 12:0 a.m.5 views

PT-2024-22689

Name of the Vulnerable Software and Affected Versions Saleor Storefront versions prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783 Description The issue affects Saleor Storefront, software for building e-commerce experiences. When any user authenticates in the storefront, anonymous users a...

6.5CVSS6.8AI score0.0057EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/01/18 12:0 a.m.8 views

PT-2024-12764 · Ibm · Ibm Openpages With Watson

Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 through 9.0 Description: The issue provides weaker than expected security in an OpenPages environment using Native authentication. An attacker with access to the OpenPages database could exploit this...

8.1CVSS8AI score0.00528EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.6 views

PT-2023-29992 · Loytec Electronics Gmbh · Linx Configurator

Name of the Vulnerable Software and Affected Versions: LOYTEC electronics GmbH LINX Configurator all versions Description: The issue concerns the use of HTTP Basic Authentication in the LINX Configurator, which transmits usernames and passwords in base64-encoded cleartext. This allows remote...

7.5CVSS7.7AI score0.01444EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.6 views

PT-2023-26210 · Jenkins · Jenkins Assembla Auth Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Assembla Auth Plugin versions 1.14 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to trick users into logging in to the attacker's account. This issue arises because the plugin does not...

8.8CVSS8.8AI score0.00413EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/05/05 12:0 a.m.24 views

PT-2023-23176 · Mage Ai · Mage Ai

Name of the Vulnerable Software and Affected Versions: mage-ai versions 0.8.34 through 0.8.71 Description: The issue affects mage-ai, an open-source data pipeline tool, when used with user authentication enabled. It allows the terminal to be accessed by users who are not signed in or do not have...

9.8CVSS9.4AI score0.00659EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2022/10/12 12:0 a.m.9 views

PT-2022-24883 · Unknown +1 · Passport-Saml +1

Name of the Vulnerable Software and Affected Versions: node-saml versions prior to 4.0.0-beta5 Description: A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML...

8.1CVSS8.2AI score0.00598EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2021/11/02 6:15 p.m.3 views

CVE-2021-41232

Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in versio...

9.8CVSS7.2AI score0.01467EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2021/10/25 4:15 p.m.19 views

Authentication flaw

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...

5CVSS7.3AI score0.0352EPSS
Exploits5References5Affected Software1
Positive Technologies
Positive Technologies
added 2021/09/02 12:0 a.m.3 views

PT-2021-9680 · Apache · Apache Zeppelin

Name of the Vulnerable Software and Affected Versions: Apache Zeppelin versions 0.9.0 and prior versions Description: The issue is an authentication bypass vulnerability that allows an attacker to bypass the Zeppelin authentication mechanism and act as another user. Recommendations: For Apache...

7.5CVSS7.4AI score0.03258EPSS
Exploits0References19
Exploit DB
Exploit DB
added 2021/08/02 12:0 a.m.435 views

Panasonic Sanyo CCTV Network Camera 2.03-0x - Cross-Site Request Forgery (Change Password)

Exploit Title: Panasonic Sanyo CCTV Network Camera 2.03-0x - 'Disable Authentication / Change Password' CSRF Date: 13.07.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.panasonic.com !-- Panasonic Sanyo CCTV Network Camera 2.03-0x CSRF Disable Authentication / Change Password Vendor:...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/30 12:0 a.m.375 views

Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery

!-- Panasonic Sanyo CCTV Network Camera 2.03-0x CSRF Disable Authentication / Change Password Vendor: Panasonic Corporation | SANYO Electric Co., Ltd. Product web page: https://www.panasonic.com https://www.sanyo-av.com https://panasonic.net/sanyo/cs/index.html Affected version: Model: VCC-HD5600...

0.4AI score
Exploits0
0day.today
0day.today
added 2021/07/30 12:0 a.m.140 views

Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery Vulnerability

Panasonic Sanyo CCTV Network Camera version 2.03-0x allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. These actions can be exploited to perform authentication detriment and account password change with administrative privilege...

0.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/07/20 12:0 a.m.6 views

PT-2021-11763 · Unknown · Phpgurukul Employee Record Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Employee Record Management System version 1.1 Description: The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication. This is a SQL injection vulnerability. Recommendations: For PHPGurukul Employ...

9.8CVSS10AI score0.02899EPSS
Exploits1References4
Cvelist
Cvelist
added 2021/03/08 8:20 p.m.28 views

CVE-2021-21335 Basic Authentication can be bypassed using a malformed username

In the SPNEGO HTTP Authentication Module for nginx spnego-http-auth-nginx-module before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of...

5.3CVSS9.5AI score0.0166EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2020/07/27 12:0 a.m.470 views

Sickbeard 0.1 Cross Site Request Forgery

Exploit Title: Sickbeard 0.1 - Cross-Site Request Forgery Disable Authentication Google Dork: https://www.shodan.io/search?query=sickbeard Date: 2020-06-06 Exploit Author: bdrake Vendor Homepage: https://sickbeard.com/ Software Link: https://github.com/midgetspy/Sick-Beard Version: alpha master -...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/07/27 12:0 a.m.300 views

Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication) Vulnerability

Exploit for multiple platform in category web applications Exploit Title: Sickbeard 0.1 - Cross-Site Request Forgery Disable Authentication Google Dork: https://www.shodan.io/search?query=sickbeard Exploit Author: bdrake Vendor Homepage: https://sickbeard.com/ Software Link:...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.235 views

Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication)

Exploit Title: Sickbeard 0.1 - Cross-Site Request Forgery Disable Authentication Google Dork: https://www.shodan.io/search?query=sickbeard Date: 2020-06-06 Exploit Author: bdrake Vendor Homepage: https://sickbeard.com/ Software Link: https://github.com/midgetspy/Sick-Beard Version: alpha master -...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/03/04 12:0 a.m.6 views

The vulnerability of the sudoer account in the Runas ALL system administration software allows a hacker to disable user authentication using a local password.

The vulnerability of the sudoer account in the Runas ALL system administration program is related to improper access control. Exploiting this vulnerability could allow a malicious actor to disable user authentication using the local password...

7.8CVSS6.9AI score0.02831EPSS
Exploits0References10Affected Software3
Positive Technologies
Positive Technologies
added 2016/04/28 12:0 a.m.5 views

PT-2016-4857 · Ntp +8 · Ntp +10

Name of the Vulnerable Software and Affected Versions: ntp versions 4.2.8p4 NTPSec version a5fb34b9cc89b92a8fef2f459004865c93bb7f92 Description: An issue exists in the message authentication functionality of libntp, allowing an attacker to send crafted messages in an attempt to recover the messag...

9.8CVSS6.5AI score0.97549EPSS
Exploits59References218
Positive Technologies
Positive Technologies
added 2007/04/25 12:0 a.m.9 views

PT-2007-3578 · Openssh +2 · Openssh +2

Name of the Vulnerable Software and Affected Versions: OpenSSH versions 4.6 and earlier Description: The issue allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY. This is because S/KEY displays a different response if the user account exist...

10CVSS7.9AI score0.99506EPSS
Exploits207References345
Rows per page
Query Builder