Lucene search
K

82 matches found

Prion
Prion
added 2018/08/23 6:29 p.m.19 views

Design/Logic Flaw

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials...

5CVSS7.2AI score0.01673EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/08/23 6:29 p.m.19 views

CVE-2018-1999043

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials...

7.5CVSS6.4AI score
Exploits0References1
Cvelist
Cvelist
added 2018/08/23 6:0 p.m.26 views

CVE-2018-1999043

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials...

7.2AI score0.01673EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/06/27 12:0 a.m.887 views

Target Credential Status by Authentication Protocol - No Credentials Provided

Nessus was not able to successfully authenticate directly to the remote target on an available authentication protocol. Nessus was able to connect to the remote port and identify that the service running on the port supports an authentication protocol, but Nessus failed to authenticate to the...

5.7AI score
Exploits0
Citrix
Citrix
added 2018/03/12 12:0 a.m.7 views

Unable to Enroll with SecureHub - Error: "Invalid Credentials"

Users unable to enroll device in XenMobile Error: "Invalid Credentials" Other users are able to enroll on the affected device, however the affected user is unable to enroll...

7AI score
Exploits0
OSV
OSV
added 2018/03/07 2:29 a.m.1 views

CVE-2018-7739

antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=&password=%0a string to the /login URI. This allows obtaining root permissions within the web management console, because the...

9.8CVSS5.8AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/11/06 12:0 a.m.1397 views

Target Credential Status by Authentication Protocol - Failure for Provided Credentials

Nessus failed to successfully authenticate directly to the remote target on an available authentication protocol. Nessus was able to connect to the remote port and identify that the service running on the port supports an authentication protocol, but Nessus failed to authenticate to the remote...

5.7AI score
Exploits0
OSV
OSV
added 2017/08/23 2:29 p.m.7 views

PYSEC-2017-151

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID...

9.8CVSS7AI score0.04629EPSS
Exploits0References6
Veracode
Veracode
added 2017/03/29 8:30 a.m.19 views

Unauthorized Domain Creation

admin-cli is vulnerable to unauthorised domain creation. The vulnerability is possible since it does not verify the validity of admin's credentials before creation of domain...

3.7CVSS6.1AI score0.00342EPSS
Exploits0References6Affected Software1
Packet Storm
Packet Storm
added 2017/02/25 12:0 a.m.111 views

AlienVault OSSIM/USM Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "AlienVault OSSIM/USM Remote Code Execution", 'Description' = %q This module exploits object injection, authentication bypass an...

0.7AI score
Exploits0
0day.today
0day.today
added 2017/02/25 12:0 a.m.62 views

AlienVault OSSIM/USM Remote Code Execution Exploit

This Metasploit module exploits object injection, authentication bypass and ip spoofing vulnerabilities all together. Unauthenticated users can execute arbitrary commands under the context of the root user. By abusing authentication bypass issue on gauge.php lead adversaries to exploit object...

0.4AI score
Exploits0
Metasploit
Metasploit
added 2017/01/31 11:15 a.m.68 views

AlienVault OSSIM/USM Remote Code Execution

This module exploits object injection, authentication bypass and ip spoofing vulnerabilities all together. Unauthenticated users can execute arbitrary commands under the context of the root user. By abusing authentication bypass issue on gauge.php lead adversaries to exploit object injection...

9.8CVSS9AI score0.57425EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/01/31 12:0 a.m.50 views

AlienVault OSSIM/USM < 5.3.1 - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "AlienVault OSSIM/USM Remote Code Execution", 'Description' = %q This module exploits object injection, authentication bypass an...

7.4AI score
Exploits0
Citrix
Citrix
added 2015/10/22 12:0 a.m.8 views

Error: “Invalid Credentials” appears when a new password is set.

The Receiver app is configured to use published application on StoreFront through NetScaler Gateway. When logging on or launching a published application, a user is required to set a new password if the current password is expired. When a new password is set, the following “Invalid Credentials”...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2015/05/25 12:0 a.m.19 views

FTP Media Server 3.0 - Authentication Bypass Denial of Service

FTP Media Server 3.0 - Authentication Bypass Denial of Service !/usr/bin/env python ================================================================================== Exploit Title: FTP Media Server 3.0 - Authentication Bypass and Denial of Service Date: 2015-05-25 Exploit Author: Wh1t3Rh1n0...

0.5AI score
Exploits0
Debian CVE
Debian CVE
added 2014/01/13 9:0 p.m.59 views

CVE-2013-7239

memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials...

4.8CVSS9.2AI score0.0118EPSS
Exploits0
OpenVAS
OpenVAS
added 2014/01/01 12:0 a.m.31 views

Debian Security Advisory DSA 2832-1 (memcached - several vulnerabilities)

Multiple vulnerabilities have been found in memcached, a high-performance memory object caching system. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2011-4971 Stefan Bucur reported that memcached could be caused to crash by sending a specially crafted...

5CVSS0.7AI score0.22317EPSS
Exploits4References1
RedHat Linux
RedHat Linux
added 2012/12/18 10:17 p.m.11 views

JBoss: Datasource connection manager returns valid connection for wrong credentials when using security-domains

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

4.3CVSS5.8AI score0.0141EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2012/08/24 10:36 a.m.4 views

CVE-2011-5117

Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of 1 out-of-date credentials and 2 invalid credentials, which allows physically proximate attackers to defeat t...

6.9CVSS5.6AI score0.00336EPSS
Exploits0References2
Veeam
Veeam
added 2012/01/20 12:0 a.m.1050 views

Backup to CIFS Share fails with "Failed to call RPC function 'FcIsExists': The user name or password is incorrect."

Error Change in Veeam Backup & Replication 12.x Starting in Veeam Backup & Replication 12, the error message that will be displayed when the credentials to access the SMB share are invalid was changed. The underlying error is still the same and is recorded in the log file:...

7AI score
Exploits0Affected Software1
Rows per page
Query Builder