34 matches found

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-28852

Malware in sbrugna...

CVSS 5.3, AI score 5.2, EPSS 0.00179
Exploits 0, References 3
Cvelist
added 2025/05/07 4:22 a.m., 17 views

CVE-2025-3766 Login Lockdown & Protection <= 2.11 - Missing Authorization to Authenticated (Subscriber+) Arbitrary IP Whitelisting

The Login Lockdown & Protection plugin for WordPress is vulnerable to unauthorized nonce access due to a missing capability check on the ajaxruntool function in all versions up to, and including, 2.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 5.4, EPSS 0.00159
Exploits 0, References 3
OSV
added 2024/03/06 10:59 a.m., 15 views

BIT-MONGODB-2020-7921 Administrative action may disable enforcement of per-user IP whitelisting

Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3...

CVSS 5.3, AI score 5, EPSS 0.00179
Exploits 0, References 2
Huntr
added 2023/09/19 2:49 p.m., 18 views

No rate limiting on creating access token

Description: Access token creation is a critical security component in many applications, especially when it comes to user authentication and authorization. Without proper rate limiting controls, attackers may exploit this process to launch various types of attacks, such as brute force attacks,...

CVSS 6.5, AI score 6.9, EPSS 0.00076
Exploits 1
OpenVAS
added 2022/07/18 12:00 a.m., 18 views

Fedora: Security Advisory for golang-github-googlecloudplatform-cloudsql-proxy (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.3, AI score 8.9, EPSS 0.00963
Exploits 4, References 2
Fedora
added 2022/07/17 1:15 a.m., 12 views

[SECURITY] Fedora 35 Update: golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-6.fc35

The Cloud SQL Proxy allows a user with the appropriate permissions to connect to a Second Generation Cloud SQL database without having to deal with IP whitelisting or SSL certificates manually. It works by opening unix/tcp sockets on the local machine and proxying connections to the associated...

CVSS 9.3, AI score 8.8, EPSS 0.00963
Exploits 4
Fedora
added 2022/07/04 1:35 a.m., 13 views

[SECURITY] Fedora 36 Update: golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-6.fc36

The Cloud SQL Proxy allows a user with the appropriate permissions to connect to a Second Generation Cloud SQL database without having to deal with IP whitelisting or SSL certificates manually. It works by opening unix/tcp sockets on the local machine and proxying connections to the associated...

CVSS 9.3, AI score 8.8, EPSS 0.00963
Exploits 4
Fedora
added 2022/04/28 5:53 a.m., 26 views

[SECURITY] Fedora 35 Update: golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-5.fc35

The Cloud SQL Proxy allows a user with the appropriate permissions to connect to a Second Generation Cloud SQL database without having to deal with IP whitelisting or SSL certificates manually. It works by opening unix/tcp sockets on the local machine and proxying connections to the associated...

CVSS 7.5, AI score 9.9, EPSS 0.00089
Exploits 0
Kitploit
added 2022/01/10 8:30 p.m., 222 views

PasteMonitor - Scrape Pastebin API To Collect Daily Pastes, Setup A Wordlist And Be Alerted By Email When You Have A Match

Scrape Pastebin API to collect daily pastes, setup a wordlist and be alerted by email when you have a match. Description The PasteMonitor tool allows you to perform two main actions for educational purposes only: Download daily new public pastes Average number of pastes per day: 1000-3000 filetyp...

AI score 7.5
Exploits 0, References 5
Kitploit
added 2021/08/11 9:30 p.m., 249 views

Wsh - Web Shell Generator And Command Line Interface

wsh pronounced woosh is a web shell generator and command line interface. This started off as just an http client since interacting with webshells is a pain. There's a form, to send a command you have to type in an input box and press a button. I wanted something that fits into my workflow better...

AI score 7.6
Exploits 0, References 1
OSV
added 2020/06/24 1:15 p.m., 15 views

CVE-2020-4071

In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is...

CVSS 2.4, AI score 3.9
Exploits 0, References 2
OSV
added 2020/06/24 1:15 p.m., 18 views

PYSEC-2020-37

In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is...

CVSS 2.4, AI score 2.3, EPSS 0.0005
Exploits 0, References 2
Cvelist
added 2020/06/24 12:15 p.m., 14 views

CVE-2020-4071 Timing attack on django-basic-auth-ip-whitelist

In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is...

CVSS 2.2, AI score 3.7, EPSS 0.0005
Exploits 0, References 2
CVE
added 2020/06/24 12:15 p.m., 87 views

CVE-2020-4071

CVE-2020-4071 applies to the django-basic-auth-ip-whitelist package prior to version 0.3.4. The issue is a timing-attack vulnerability caused by a character-by-character string comparison of configured BASIC_AUTH_LOGIN/BASIC_AUTH_PASSWORD against user input, which may allow an attacker within a l...

CVSS 2.4, AI score 3.5, EPSS 0.0005
Exploits 0, References 2, Affected Software 1
Github Security Blog
added 2020/06/23 7:58 p.m., 43 views

Timing attack on django-basic-auth-ip-whitelist

Impact Potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is performed through a character-by-character...

CVSS 2.4, AI score 0.6, EPSS 0.0005
Exploits 0, References 6, Affected Software 1
OSV
added 2020/06/23 7:58 p.m., 15 views

GHSA-M38J-PMG3-V5X5 Timing attack on django-basic-auth-ip-whitelist

Impact Potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is performed through a character-by-character...

CVSS 6.3, AI score 3.5, EPSS 0.0005
Exploits 0, References 6
Veracode
added 2020/05/27 5:11 a.m., 21 views

IP Whitelisting Bypass

verbb/knock-knock is vulnerable to IP Whitelisting Bypass. It is due to the use of a flawed IP-whitelisting mechanism for getting the user IP, allowing bypass of IP whitelisting through X-Forwarded-For header manipulation...

CVSS 9.1, AI score 1.5, EPSS 0.00307
Exploits 1, References 5, Affected Software 1
CNVD
added 2020/05/26 12:00 a.m., 2 views

Knock Knock Security Restriction Bypass Vulnerability

Pixel & Tonic Craft CMS is a content management system (CMS) from the United States company Pixel & Tonic. Knock Knock is one of its access rights management plugins. A security vulnerability exists in Knock Knock versions prior to 1.2.8 for Pixel & Tonic Craft CMS. The vulnerability can be exploit...

CVSS 9.1, AI score 6.8, EPSS 0.00307
Exploits 1, References 1
OSV
added 2020/05/06 3:15 p.m., 22 views

CVE-2020-7921

Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3...

CVSS 5.3, AI score 5.5
Exploits 0, References 1
NVD
added 2020/05/06 3:15 p.m., 11 views

CVE-2020-7921

Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3...

CVSS 5.3, AI score 5.2, EPSS 0.00179
Exploits 0, References 1