Lucene search
K

64 matches found

Cvelist
Cvelist
added 2023/06/05 12:0 a.m.31 views

CVE-2023-34411

The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service panic via an invalid ! token such as !DOCTYPEs/%!A nesting in an XML document. The earliest affected version is 0.8.9...

7.6AI score0.01172EPSS
Exploits1References4
OSV
OSV
added 2023/06/05 12:0 a.m.15 views

CVE-2023-34411

The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service panic via an invalid ! token such as !DOCTYPEs/%!A nesting in an XML document. The earliest affected version is 0.8.9...

7.5CVSS7.1AI score0.01172EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/06/05 12:0 a.m.4 views

PT-2023-24862 · Xml-Rs · Xml-Rs

Name of the Vulnerable Software and Affected Versions: xml-rs versions 0.8.9 through 0.8.13 Description: The issue allows for a denial of service panic via an invalid ! token, such as !DOCTYPEs/%!A nesting, in an XML document. Recommendations: For xml-rs versions 0.8.9 through 0.8.13, update to...

7.5CVSS6.9AI score0.01172EPSS
Exploits1References12
CVE
CVE
added 2023/06/05 12:0 a.m.74 views

CVE-2023-34411

The CVE-2023-34411 issue affects the xml-rs crate for Rust (and Crab), with versions before 0.8.14 vulnerable to a denial-of-service (panic) caused by an invalid XML token, such as a malformed

7.5CVSS7.3AI score0.01172EPSS
Exploits1References4Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:42 a.m.4 views

SUSE CVE-2013-0247

OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service disk consumption via many invalid token requests that trigger excessive generation of log entries...

5CVSS6.4AI score0.03243EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/01/06 12:0 a.m.6 views

Pac4j 数据伪造问题漏洞

Pac4j is a simple yet powerful Java security engine. Used to authenticate users, obtain their profiles and manage authorization to protect Web applications and Web services.Pac4j has a data forgery problem vulnerability that stems from the product not using a valid algorithm when validating ID...

7.5CVSS5.6AI score0.00895EPSS
Exploits0References4
NVD
NVD
added 2021/01/26 6:15 p.m.32 views

CVE-2020-28874

reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered an invalid token parameter...

7.5CVSS7.6AI score0.02351EPSS
Exploits2References4
Prion
Prion
added 2021/01/26 6:15 p.m.16 views

Default credentials

reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered an invalid token parameter...

5CVSS7.6AI score0.02351EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2021/01/21 3:1 p.m.44 views

CVE-2020-28874

reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered an invalid token parameter...

7.6AI score0.02351EPSS
Exploits2References4
Veracode
Veracode
added 2019/01/15 8:56 a.m.26 views

Denial Of Service (DoS)

openstack-keystone is vulnerable to denial of service DoS attacks. The vulnerability exists as OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service disk consumption via many invalid token...

5CVSS5.8AI score0.03243EPSS
Exploits0References10Affected Software1
CNVD
CNVD
added 2017/08/30 12:0 a.m.7 views

SimpleSAMLphp Invalid Token Creation and Validation Vulnerability

SimpleSAMLphp is a set of PHP authentication applications that implement the SAML 2.0 service provider and identity provider functionality . A security vulnerability exists in SimpleSAMLphp 1.14.14 and earlier versions of SimpleSAMLAuthTimeLimitedToken. An attacker can exploit the vulnerability t...

5.9CVSS6.1AI score0.0125EPSS
Exploits0References1
Friends Of PHP
Friends Of PHP
added 2017/06/28 2:13 p.m.13 views

Invalid token creation and validation

More info at https://simplesamlphp.org/security/201708-01...

5.9CVSS7.2AI score0.0125EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2017/05/08 7:21 p.m.5 views

keycloak-connect: auth token validity check ignored

It was found that the Keycloak Node.js adapter did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks...

9.8CVSS5.8AI score0.02542EPSS
Exploits0References4
Cisco
Cisco
added 2014/07/25 6:59 p.m.20 views

Cisco WebEx Meetings Server Authenticated Encryption Vulnerability

A vulnerability in the user.php script of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability is due to an invalid token timer. An attacker could exploit this vulnerability by submitting crafted URL requests to a vulnerable...

5.8CVSS6.2AI score0.00951EPSS
Exploits0References1
OSV
OSV
added 2013/02/24 7:55 p.m.4 views

CVE-2013-0247

OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service disk consumption via many invalid token requests that trigger excessive generation of log entries...

6.4AI score
Exploits0References7
OSV
OSV
added 2013/02/24 7:55 p.m.2 views

DEBIAN-CVE-2013-0247

OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service disk consumption via many invalid token requests that trigger excessive generation of log entries...

5CVSS6.8AI score0.03243EPSS
Exploits0References1
Prion
Prion
added 2013/02/24 7:55 p.m.19 views

Code injection

OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service disk consumption via many invalid token requests that trigger excessive generation of log entries...

5CVSS7AI score0.03243EPSS
Exploits0References6Affected Software2
RedHat Linux
RedHat Linux
added 2013/02/12 5:49 p.m.8 views

Keystone: denial of service through invalid token requests

OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service disk consumption via many invalid token requests that trigger excessive generation of log entries...

5CVSS5.9AI score0.03243EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/05/18 7:45 p.m.34 views

krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)

The kgacceptkrb5 function in krb5/acceptseccontext.c in the GSS-API library in MIT Kerberos 5 aka krb5 through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of...

6.8CVSS6.6AI score0.06884EPSS
Exploits2References4
0day.today
0day.today
added 2008/08/12 12:0 a.m.103 views

Joomla 1.5.x (Token) Remote Admin Change Password Vulnerability

Exploit for unknown platform in category web applications =============================================================== Joomla 1.5.x Token Remote Admin Change Password Vulnerability =============================================================== Joomla 1.5.x Remote Admin Password Change Greets:...

7.1AI score
Exploits0
Rows per page
Query Builder