171 matches found
CVE-2024-13118
The IP Based Login WordPress plugin before 2.4.1 does not have CSRF checks in some places, which could allow attackers to make logged in users delete all logs via a CSRF attack...
CVE-2024-13118
CVE-2024-13118 affects the IP Based Login WordPress plugin (versions earlier than 2.4.1). The vulnerability arises from missing CSRF protections in some areas, enabling CSRF attacks that could cause logged-in users to delete logs. Red Hat and CVE records confirm this issue and indicate a fix in ve...
CVE-2024-13118 IP Based Login < 2.4.1 - Log Deletion via CSRF
The IP Based Login WordPress plugin before 2.4.1 does not have CSRF checks in some places, which could allow attackers to make logged in users delete all logs via a CSRF attack...
WordPress plugin IP Based Login security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. A security vulnerability exists ...
CVE-2024-13666
CVE-2024-13666 concerns the Fluent Forms WordPress plugin (versions up to and including 5.2.12) with an IP address spoofing vulnerability caused by insufficient IP validation and reliance on user-supplied HTTP headers for IP retrieval. This enables unauthenticated attackers to spoof their IP and ...
WordPress IP Based Login plugin < 2.4.1 - Log Deletion via CSRF vulnerability
Log Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin IP Based Login versions 2.4.1...
GHSA-G93M-8X6H-G5GV Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...
CVE-2024-51504 Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...
SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
SafeLine is a self-hosted WAF (Web Application Firewall) to protect your web apps from attacks and exploits. A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL...
Symfony2 improper IP based access control
Damien Tournoud, from the Drupal security team, contacted us two days ago about a security issue in the Request::getClientIp method when the trust proxy mode is enabled (Request::trustProxyData). An application is vulnerable if it uses the client IP address as returned by the Request::getClientIp...
Symfony2 security issue when the trust proxy mode is enabled
An application is vulnerable if it uses the client IP address as returned by the Request::getClientIp method for sensitive decisions like IP based access control. To fix this security issue, the following changes have been made to all versions of Symfony2: A new Request::setTrustedProxies method...
CVE-2024-3050 Site Reviews < 7.0.0 - IP Spoofing
The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking...
CVE-2024-3661
DHCP can add routes to a client’s routing table via the classless static route option 121. VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify...
DEBIAN-CVE-2021-47155
The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...
UBUNTU-CVE-2021-47154
The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...
PT-2024-20533 · Discourse · Discourse-Group-Membership-Ip-Block
Name of the Vulnerable Software and Affected Versions: discourse-group-membership-ip-block (affected versions not specified). Description: The discourse-group-membership-ip-block plugin sends all group custom fields to the client, including fields from other plugins that may be expected to remain...
CVE-2022-47648
An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. If an authorized user has accessed a publicly available B420 product using valid credentials, an...
Improper access control
An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. If an authorized user has accessed a publicly available B420 product using valid credentials, an...
CVE-2022-47648
CVE-2022-47648 affects the Bosch B420 Ethernet module. The issue is improper access control caused by IP-based authorization, allowing an attacker on the same network as a legitimate user to access the device’s control panel without authentication. The vulnerable firmware version cited is 02.02.0...