64 matches found
CVE-2023-34411
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service panic via an invalid ! token such as !DOCTYPEs/%!A nesting in an XML document. The earliest affected version is 0.8.9...
CVE-2023-34411
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service panic via an invalid ! token such as !DOCTYPEs/%!A nesting in an XML document. The earliest affected version is 0.8.9...
PT-2023-24862 · Xml-Rs · Xml-Rs
Name of the Vulnerable Software and Affected Versions: xml-rs versions 0.8.9 through 0.8.13 Description: The issue allows for a denial of service panic via an invalid ! token, such as !DOCTYPEs/%!A nesting, in an XML document. Recommendations: For xml-rs versions 0.8.9 through 0.8.13, update to...
CVE-2023-34411
The CVE-2023-34411 issue affects the xml-rs crate for Rust (and Crab), with versions before 0.8.14 vulnerable to a denial-of-service (panic) caused by an invalid XML token, such as a malformed
SUSE CVE-2013-0247
OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service disk consumption via many invalid token requests that trigger excessive generation of log entries...
Pac4j 数据伪造问题漏洞
Pac4j is a simple yet powerful Java security engine. Used to authenticate users, obtain their profiles and manage authorization to protect Web applications and Web services.Pac4j has a data forgery problem vulnerability that stems from the product not using a valid algorithm when validating ID...
CVE-2020-28874
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered an invalid token parameter...
Default credentials
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered an invalid token parameter...
CVE-2020-28874
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered an invalid token parameter...
Denial Of Service (DoS)
openstack-keystone is vulnerable to denial of service DoS attacks. The vulnerability exists as OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service disk consumption via many invalid token...
SimpleSAMLphp Invalid Token Creation and Validation Vulnerability
SimpleSAMLphp is a set of PHP authentication applications that implement the SAML 2.0 service provider and identity provider functionality . A security vulnerability exists in SimpleSAMLphp 1.14.14 and earlier versions of SimpleSAMLAuthTimeLimitedToken. An attacker can exploit the vulnerability t...
Invalid token creation and validation
More info at https://simplesamlphp.org/security/201708-01...
keycloak-connect: auth token validity check ignored
It was found that the Keycloak Node.js adapter did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks...
Cisco WebEx Meetings Server Authenticated Encryption Vulnerability
A vulnerability in the user.php script of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability is due to an invalid token timer. An attacker could exploit this vulnerability by submitting crafted URL requests to a vulnerable...
CVE-2013-0247
OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service disk consumption via many invalid token requests that trigger excessive generation of log entries...
DEBIAN-CVE-2013-0247
OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service disk consumption via many invalid token requests that trigger excessive generation of log entries...
Code injection
OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service disk consumption via many invalid token requests that trigger excessive generation of log entries...
Keystone: denial of service through invalid token requests
OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service disk consumption via many invalid token requests that trigger excessive generation of log entries...
krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)
The kgacceptkrb5 function in krb5/acceptseccontext.c in the GSS-API library in MIT Kerberos 5 aka krb5 through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of...
Joomla 1.5.x (Token) Remote Admin Change Password Vulnerability
Exploit for unknown platform in category web applications =============================================================== Joomla 1.5.x Token Remote Admin Change Password Vulnerability =============================================================== Joomla 1.5.x Remote Admin Password Change Greets:...