12 matches found

Nuclei
added yesterday · 15 views

Emby Server - Authentication Bypass

Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...

9.1 CVSS · 7.6 AI score · 0.45675 EPSS
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2022-4656

Malicious code in bioql PyPI...

5.8 CVSS · 4.5 AI score · 0.00793 EPSS
Exploits: 1 · References: 11

Positive Technologies
added 2022/09/23 12:0 a.m. · 2 views

PT-2022-22655 · Unknown · Rocket.Chat

Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 5; Rocket.Chat versions prior to 4.8.2; Rocket.Chat versions prior to 4.7.5. Description: An improper authentication issue exists that allows two-factor authentication to be bypassed when the server is configured to...

8.8 CVSS · 8.8 AI score · 0.00301 EPSS
Exploits: 1 · References: 4

Github Security Blog
added 2022/05/17 3:57 a.m. · 30 views

Drupal sensitive information disclosure

The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in...

5.3 CVSS · 6.7 AI score · 0.00498 EPSS
Exploits: 0 · References: 8 · Affected Software: 2

Prion
added 2019/07/10 12:15 p.m. · 10 views

Hardcoded credentials

On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration aka setAutoLogin can be achieved by continuing to use a session ID after a logout, aka HMCCU-154...

6.5 CVSS · 8.6 AI score · 0.00183 EPSS
Exploits: 0 · References: 2 · Affected Software: 2

Cvelist
added 2019/07/10 11:47 a.m. · 8 views

CVE-2019-10120

On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration aka setAutoLogin can be achieved by continuing to use a session ID after a logout, aka HMCCU-154...

8.7 AI score · 0.00183 EPSS
Exploits: 0 · References: 2

CVE
added 2019/07/10 11:47 a.m. · 50 views

CVE-2019-10120

The CVE-2019-10120 issue affects eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, where an active session ID can be reused after logout to enable automatic login (setAutoLogin). This is caused by session handling that does not invalidate the session on logout. Affected v...

8.8 CVSS · 8.6 AI score · 0.00183 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Atlassian
added 2012/08/22 12:18 p.m. · 20 views

As a JIRA System Administrator, I can instruct web browsers to not allow saving a user's password in the various login options, so that unauthorized users can not access the system.

NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion (http://jira.atlassian.com/browse/JRASERVER-29447). In some organisations, as part of a set of security requirements, it is required for compliant applications, to disallow users ...

2 AI score
Exploits: 0 · Affected Software: 1

Cvelist
added 2011/04/08 3:0 p.m. · 34 views

CVE-2011-1183

Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for...

4.3 AI score · 0.00793 EPSS
Exploits: 1 · References: 8

Positive Technologies
added 2011/04/06 12:0 a.m. · 4 views

PT-2011-2925 · Apache · Apache Tomcat

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A regression in a previous fix caused security constraints to be ignored under certain conditions. Specifically, this occurred when there was no login...

5.8 CVSS · 4 AI score · 0.00793 EPSS
Exploits: 1 · References: 16

Prion
added 2008/03/18 5:44 p.m. · 15 views

Design/Logic Flaw

A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors...

10 CVSS · 7.2 AI score · 0.02372 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

exploitpack
added 2001/09/17 12:0 a.m. · 9 views

FreeBSD 4.3/4.4 - Login Capabilities Privileged File Reading

FreeBSD 4.3/4.4 - Login Capabilities Privileged File Reading source: https://www.securityfocus.com/bid/3344/info FreeBSD is a freely available, open source implementation of the BSD UNIX Operating System. It is developed and maintained by the FreeBSD Project. It is possible for a user with access ...

0.7 AI score
Exploits: 0