92 matches found
CVE-2019-11187
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...
EUVD-2018-1921
Malware in sbrugna...
EUVD-2015-8643
Malware in sbrugna...
EUVD-2014-9566
Malware in sbrugna...
EUVD-2019-5652
Malware in sbrugna...
EUVD-2019-2891
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-1000528
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting XSS vulnerability in change password form...
Linux Distros Unpatched Vulnerability : CVE-2019-11187
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the...
Linux Distros Unpatched Vulnerability : CVE-2019-14466
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The GOsaFilterSettings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file...
Debian: Security Advisory (DLA-115)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-562-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Authentication Bypass
gosa is vulnerable to authentication bypass. An attacker is able to authenticate as any user using a username containing the case-insensitive substring success with an arbitrary password...
Ubuntu 16.04 LTS : GOsa vulnerabilities (USN-4609-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4609-1 advisory. Fabian Henneke discovered that GOsa incorrectly handled client cookies. An authenticated user could exploit this with a crafted cookie to perform file...
Ubuntu: Security Advisory (USN-4609-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4609-1: GOsa vulnerabilities
Fabian Henneke discovered that GOsa incorrectly handled client cookies. An authenticated user could exploit this with a crafted cookie to perform file deletions in the context of the user account that runs the web server. CVE-2019-14466 It was discovered that GOsa incorrectly handled user access...
DEBIAN-CVE-2019-14466
The GOsaFilterSettings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions in the context of the user account that runs the web server via a crafted cookie value, because unserialize is used to restore...
CVE-2019-14466
The GOsaFilterSettings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions in the context of the user account that runs the web server via a crafted cookie value, because unserialize is used to restore...
CVE-2019-14466
The GOsaFilterSettings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions in the context of the user account that runs the web server via a crafted cookie value, because unserialize is used to restore...
Design/Logic Flaw
The GOsaFilterSettings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions in the context of the user account that runs the web server via a crafted cookie value, because unserialize is used to restore...
CVE-2019-14466
The GOsaFilterSettings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions in the context of the user account that runs the web server via a crafted cookie value, because unserialize is used to restore...