
24 matches found

CVE
added 2026/03/15 1:35 p.m., 6 views

CVE-2016-20031

CVE-2016-20031 affects ZKTeco ZKBioSecurity 3.0 (visLogin.jsp). The vulnerability enables a local authorization bypass by spoofing localhost requests; EnvironmentUtil.getClientIp() maps IPv6 loopback 0:0:0:0:0:0:0:1 to 127.0.0.1 and uses that IP as the username with a hardcoded password (123456) ...

6.8 CVSS, 5.8 AI score, 0.00006 EPSS
Exploits: 1, References: 6

Vulnrichment
added 2026/03/15 1:35 p.m., 3 views

CVE-2016-20031 ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp

ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp method which treats IPv6 loopback address...

6.8 CVSS, 5.8 AI score, 0.00006 EPSS
Exploits: 1, References: 6

Cvelist
added 2026/03/15 1:35 p.m., 18 views

CVE-2016-20031 ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp

ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp method which treats IPv6 loopback address...

6.8 CVSS, 0.00006 EPSS
Exploits: 1, References: 6

ATTACKERKB
added 2026/03/07 6:32 p.m., 3 views

CVE-2026-3670

A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown function of the component com.dgen.alarm. Performing a manipulation results in improper authorization. The attack requires a local approach. The exploit is now public and may be used. The vendor was...

5.3 CVSS, 5.5 AI score, 0.00017 EPSS
Exploits: 0, References: 4, Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2021-21250

Malware in sbrugna...

5.5 CVSS, 5.6 AI score, 0.00058 EPSS
Exploits: 1, References: 2

CNNVD
added 2025/09/25 12:0 a.m., 1 view

Topaz SERVCore Teller Authorization Issue Vulnerability

Topaz SERVCore Teller is a banking service software from Topaz Brazil. An authorization issue vulnerability exists in Topaz SERVCore Teller version 2.14.0-RC2 and version 2.14.1, which stems from a permissions issue in the file SERVCoreTeller2.0.40D.msi, which could lead to a local attack...

8.5 CVSS, 7.5 AI score, 0.00016 EPSS
Exploits: 0, References: 4

OSV
added 2022/06/21 7:36 p.m., 1 view

CLSA-2022-1655840189 Fixed CVE-2022-26691 in cups

CVE-2022-26691: Fix authorization bypass when using "local" authorization...

7.2 CVSS, 6.7 AI score, 0.00037 EPSS
Exploits: 0, References: 1

RedHat Linux
added 2022/06/15 10:10 p.m., 2 views

cups: authorization bypass when using "local" authorization

An authorization vulnerability was found in the CUPS printing system. This security vulnerability occurs when local authorization happens. This flaw allows an attacker to authenticate to CUPS as root/admin without the 32-byte secret key and perform arbitrary code execution...

7.2 CVSS, 7.6 AI score, 0.00037 EPSS
Exploits: 0, References: 6

RedHat Linux
added 2022/06/15 3:14 p.m., 1 view

cups: authorization bypass when using "local" authorization

An authorization vulnerability was found in the CUPS printing system. This security vulnerability occurs when local authorization happens. This flaw allows an attacker to authenticate to CUPS as root/admin without the 32-byte secret key and perform arbitrary code execution...

7.2 CVSS, 7.6 AI score, 0.00037 EPSS
Exploits: 0, References: 6

RedHat Linux
added 2022/06/15 2:18 p.m., 3 views

cups: authorization bypass when using "local" authorization

An authorization vulnerability was found in the CUPS printing system. This security vulnerability occurs when local authorization happens. This flaw allows an attacker to authenticate to CUPS as root/admin without the 32-byte secret key and perform arbitrary code execution...

7.2 CVSS, 7.6 AI score, 0.00037 EPSS
Exploits: 0, References: 6

RedHat Linux
added 2022/06/15 1:38 p.m., 3 views

cups: authorization bypass when using "local" authorization

An authorization vulnerability was found in the CUPS printing system. This security vulnerability occurs when local authorization happens. This flaw allows an attacker to authenticate to CUPS as root/admin without the 32-byte secret key and perform arbitrary code execution...

7.2 CVSS, 7.6 AI score, 0.00037 EPSS
Exploits: 0, References: 6

RedHat Linux
added 2022/06/15 12:53 p.m., 7 views

cups: authorization bypass when using "local" authorization

An authorization vulnerability was found in the CUPS printing system. This security vulnerability occurs when local authorization happens. This flaw allows an attacker to authenticate to CUPS as root/admin without the 32-byte secret key and perform arbitrary code execution...

7.2 CVSS, 7.6 AI score, 0.00037 EPSS
Exploits: 0, References: 6

OSV
added 2022/01/20 12:15 p.m., 1 view

CVE-2021-34600

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation...

5.5 CVSS, 6.1 AI score
Exploits: 0, References: 1

NVD
added 2022/01/20 12:15 p.m., 10 views

CVE-2021-34600

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation...

5.5 CVSS, 0.00058 EPSS
Exploits: 1, References: 1

Prion
added 2022/01/20 12:15 p.m., 10 views

Design/Logic Flaw

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation...

4.9 CVSS, 5.3 AI score, 0.00058 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2022/01/20 11:40 a.m., 11 views

CVE-2021-34600 Telenot complex: Insecure AES Key Generation

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation...

5.5 CVSS, 5.6 AI score, 0.00058 EPSS
Exploits: 1, References: 1

CVE
added 2022/01/20 11:40 a.m., 46 views

CVE-2021-34600

CVE-2021-34600 affects Telenot CompasX prior to 32.0, due to a weak seed for random number generation that yields predictable AES keys in NFC tags used for local user authorization. This weakness can undermine trustworthiness of the installation. Affected component: NFC tag key generation within ...

5.5 CVSS, 5.3 AI score, 0.00058 EPSS
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2020/02/14 5:15 p.m., 1 view

CVE-2019-6195

An authorization bypass exists in Lenovo XClarity Controller XCC versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1 “LDAP Authentication Only with Local...

4.8 CVSS, 5.8 AI score, 0.00137 EPSS
Exploits: 0, References: 1

Prion
added 2020/02/14 5:15 p.m., 16 views

Authorization

An authorization bypass exists in Lenovo XClarity Controller XCC versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1 “LDAP Authentication Only with Local...

2.1 CVSS, 4.9 AI score, 0.00137 EPSS
Exploits: 0, References: 1, Affected Software: 1

Symantec
added 2019/10/09 12:0 a.m., 29 views

Juniper Junos CVE-2019-0057 Local Authorization Bypass Vulnerability

Description: Juniper Junos is prone to a local authorization-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Versions prior to Junos OS 18.2R1, and 18.2X75-D5 are vulnerable. Technologies Affected: Juniper Junos 18.2...

1.7 AI score, 0.00039 EPSS
Exploits: 0, References: 1, Affected Software: 1