14 matches found
CVE-2026-34578 OPNsense has an LDAP Injection via Unsanitized Username in Authentication
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldap_escape. An unauthenticated attacker can inject LDAP filter metacharacters into the username field ...
Masa CMS Security Vulnerability
Masa CMS is a digital experience platform. A security vulnerability exists in Masa CMS versions prior to 7.2.8, prior to 7.3.13, and prior to 7.4.6, which stems from a group restriction bypass when modifying page URLs to include tag declarations, which could lead to unauthorized page rendering...
EUVD-2013-6864
Malware in sbrugna...
CVE-2025-4972 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality...
Incorrect Authorization
Overview: typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Incorrect Authorization due to improper handling of FrontendGroupRestriction in multi-table database queries. An attacker can access data from additional tables...
TYPO3 Security Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 that stems from a database query where FrontendGroupRestriction is applied only to the first table, which could lead to a data leak. The following...
OpenAFS Input Validation Error Vulnerability
OpenAFS is an open source distributed file system. It allows files and resources to be shared between systems over LANs and WANs. OpenAFS suffers from an input validation error vulnerability that stems from the fact that a local user can bypass the process authentication group...
WordPress Frontend group restriction for LearnDash plugin <= 1.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Frontend group restriction for LearnDash plugin versions <= 1.1. Solution: No patched version available...
openssl security update
1.1.1c-2: do not try to use EC groups disallowed in FIPS mode in TLS; fix Valgrind regression with constant-time code. 1.1.1c-1: update to the 1.1.1c release. 1.1.1b-6: adjust the default cert pbe algorithm for pkcs12 -export in the FIPS mode. 1.1.1b-5: Fix small regressions related to the reba...
Scientific Linux Security Update : samba and samba3x on SL5.x, SL6.x i386/srpm/x86_64 (20140325)
It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw...
Moderate: Red Hat Security Advisory: samba and samba3x security update
Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detail...
CVE-2009-3387
Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group restrictions to be preserved throughout the process of moving a bug to a different product category, which allows remote attackers to obtain sensitive information via a request for a bug in opportunistic circumstances...
Need ability to limit use of remote API to certain users, or a certain group
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-7913. The remote API presents opportunities for denial of service attack. For example: RemoveSpace for a space with many...
Need ability to limit use of remote API to certain users, or a certain group
The remote API presents opportunities for denial of service attack. For example: RemoveSpace for a space with many pages can take several minutes, and all other users are locked from the wiki until it completes. Reading or writing pages too rapidly through the API can impact the responsiveness of...