31 matches found
CVE-2026-9084 MISP OIDC authentication bypass via automatic email-based account linking under insecure IdP configurations
MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid...
CVE-2026-6736 Authentication bypass vulnerability in GitHub Enterprise Server allowed creation of local user accounts bypassing the configured external identity provider
An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...
CVE-1999-0503
A Windows NT local user or administrator account has a guessable password...
EUVD-2003-0973
Malware in sbrugna...
EUVD-2021-21395
Malware in sbrugna...
EUVD-2018-18024
Malware in sbrugna...
CVE-2003-0983
Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via 1 a "bubba" local user account, 2 an open TCP port 34571, or 3 when a local DHCP server is unavailable, a...
Format string
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining...
How to secure a Windows PC for your kids
With the return to school fast approaching, it's time to ready the things your kids will need to pass the next year with flying colors. Increasingly, that means computing devices, which means you'll need to spend time thinking about the safety and security of what they will be using. In our "Back...
PT-2022-4092 · Siemens · Simatic Pcs 7 +1
Name of the Vulnerable Software and Affected Versions: SIMATIC PCS 7 versions V8.2 through V9.1 SIMATIC PCS 7 version V9.1 prior to V9.1 SP1 SIMATIC WinCC versions V7.4 through V7.4 prior to V7.4 SP1 Update 19 SIMATIC WinCC versions V7.5 through V7.5 prior to V7.5 SP2 Update 6 SIMATIC WinCC...
CVE-2020-35483
AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file...
Anydesk Code Issue Vulnerability
Anydesk is a remote desktop connection software from Anydesk Germany. A code issue vulnerability exists in AnyDesk before 6.1.0 on Windows, which can be exploited by an attacker to compromise a local user account via a read-only setting of the Trojan gcapi.dll file...
Security feature bypass
Internet TRiLOGI Server unknown versions could allow a local user to bypass security and create a local user account...
CVE-2013-6927
Internet TRiLOGI Server unknown versions could allow a local user to bypass security and create a local user account...
CVE-2019-18192
GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365...
CVE-2018-6263
CVE-2018-6263 concerns NVIDIA GeForce Experience prior to version 3.16 on Windows. The issue allows a local user to plant a malicious DLL during application installation, enabling privilege escalation. The NVIDIA Security Bulletin (and CNVD/CVE records) confirm the affected product and the local-...
CVE-2018-1214
Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. This unnecessary user account also remains even after an upgrade from v1.1 to v1.2. Access to the management console can be achiev...
CVE-2018-1214
Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. This unnecessary user account also remains even after an upgrade from v1.1 to v1.2. Access to the management console can be achiev...
Windows Local User Account Hash Carver
This module will change a local user's password directly in the registry. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'English' class MetasploitModule 'Windows Local User Account Hash Carver', 'Description...
Amazon Linux AMI : kernel (ALAS-2015-610)
A denial of service vulnerability was discovered in the keyring function's garbage collector in the Linux kernel. The flaw allowed any local user account to trigger a kernel panic. CVE-2015-7872 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...