14 matches found
CVE-2026-27855
Dovecot OTP authentication is vulnerable to a replay attack under specific conditions. If the auth cache is enabled and the username is altered in passdb, OTP credentials can be cached so that the same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...
EUVD-2021-18727
Malware in sbrugna...
CVE-2023-47312
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries...
CVE-2023-47312
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries...
Improper access control
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries...
CVE-2023-47312
CVE-2023-47312 affects Headwind MDM Web panel 5.22.1. The issue is incorrect access control arising from login credential leakage via audit entries, enabling potential elevation of access or disclosure. Root cause details in connected sources indicate credential leakage within audit records as th...
CVE-2023-47312
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries...
CVE-2022-30561
When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login, the attacker could log in to the device by replaying the user's login packet...
CVE-2021-4161
CVE-2021-4161 affects MOXA MGate MB3180/MB3280/MB3480 Series Protocol Gateways. Vulnerable firmware versions include MB3180 (≤2.2), MB3280 (≤4.1), and MB3480 (≤3.2). The flaw allows cleartext transmission of sensitive information, enabling an attacker to sniff traffic and decrypt login credential...
UBUNTU-CVE-2018-7563
An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execute JavaScript code supplied by the attacker. The...
Web security testing: common logic vulnerability analysis (practical article) - vulnerability warning - the black bar safety net
Logic vulnerability mining has always been a "timeless" topic in security testing. Compared with traditional security holes such as SQL injection and XSS, attackers are now more inclined to exploit security issues in the application's business logic layer; such issues tend to harm th...
Banking Malware Vawtrak Seen Using Tor2Web
Developers behind the banking Trojan Vawtrak have begun obscuring some of their servers with Tor2Web, a move that’s added another degree of difficulty when it comes to uncovering their activity. To this point the malware’s techniques – its evolution beyond banking websites, ability to break...
Dyreza Banker Trojan Seen Bypassing SSL
Banker Trojans have proven to be reliable and effective tools for attackers interested in quietly stealing large amounts of money from unwitting victims. Zeus, Carberp and many others have made piles of money for their creators and the attackers who use them, and researchers have been looking at ...
[SA12366] iChain Multiple Vulnerabilities
TITLE: iChain Multiple Vulnerabilities SECUNIA ADVISORY ID: SA12366 VERIFY ADVISORY: http://secunia.com/advisories/12366/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, Exposure of system information, DoS WHERE: From remote SOFTWARE: Novell iChain 2.x...