39 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-50341
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack...
CVE-2023-46745
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user account...
PT-2024-17911 · Unknown · Electronic Official Document Management System
Name of the Vulnerable Software and Affected Versions: Electronic Official Document Management System affected versions not specified Description: The Electronic Official Document Management System has an Authentication Bypass issue. Although the product enforces an IP whitelist for the API used ...
PT-2024-34151 · Symfony +2 · Symfony/Securitybundle +2
Name of the Vulnerable Software and Affected Versions: symfony/security-bundle versions prior to 6.4.10 symfony/security-bundle versions prior to 7.0.10 symfony/security-bundle versions prior to 7.1.3 Description: The custom user checker defined on a firewall is not called when logging in...
Dahua Security Cameras Incorrect Default Permissions (CVE-2019-9682)
Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker c...
CVE-2024-41600
Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component...
PT-2024-29457 · Unknown · Lin-Cms Springboot
Name of the Vulnerable Software and Affected Versions: lin-CMS Springboot versions 0.2.1 and before Description: The issue allows a remote attacker to obtain sensitive information via the login method in the UserController.java component. Recommendations: For versions 0.2.1 and before, consider...
PT-2024-29458 · Lin-Cms · Lin-Cms
Name of the Vulnerable Software and Affected Versions: lin-CMS versions 0.2.0 and before Description: The issue allows a remote attacker to obtain sensitive information via the login method in the UserController.java component. Recommendations: For lin-CMS versions 0.2.0 and before, consider...
Adobe FrameMaker Publishing Server Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Adobe FrameMaker Publishing Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Login method. The issue results from improper implementation of th...
Advantech WebAccess BWSCADASoap Login Method SQL Injection Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Advantech WebAccess. The specific flaw exists within processing of the Login method of the BWSCADASoap entry point. When parsing the ProjectName and Username elements, the process does not properly...
Published app does not launch when SSO is used. Desktops launch fine.
Using Receiver and Receiver for web, published app wont launch but a published desktop works fine. If user is local admin - it works If signing in with username/password on Receiver or Receiver for web - it works. Event generated on vda host: "non-brokered ica connection request denied because th...
SDCMS background to bypass directly into the,A not common design mistakes case study-vulnerability warning-the black bar safety net
Brief description: SDCMS background to bypass directly into the: test version 2. 0 beta2 other versions not tested Detailed description: Islogin //determine login method sub islogin if sdcms. strlenadminid=0 or sdcms. strlenadminname=0 then dim t0,t1,t2 t0=sdcms. getintsdcms. loadcookie"adminid",...
Nmap NSE 6.01: pop3-brute
Tries to log into a POP3 account by guessing usernames and passwords. SYNTAX: userdb: The filename of an alternate username database. pop3loginmethod: The login method to use: ''USER'' default, ''SASL-PLAIN'', ''SASL-LOGIN'', ''SASL-CRAM-MD5'', or ''APOP''. unpwdb.passlimit: The maximum number of...
Nmap NSE net: pop3-brute
Tries to log into a POP3 account by guessing usernames and passwords. SYNTAX: userdb: The filename of an alternate username database. pop3loginmethod: The login method to use: ''USER'' default, ''SASL-PLAIN'', ''SASL-LOGIN'', ''SASL-CRAM-MD5'', or ''APOP''. unpwdb.passlimit: The maximum number of...
Default configuration
The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method...
Cybozu Office 6 information disclosure vulnerability
Overview A vulnerability exists in Cybozu Office 6 allowing the disclosure of registered users or groups information. Cybozu Office 6 provides several login methods. One of the methods, meant to be used in the Internet, allows direct entry of a username. However, even when this method is used,...
CVE-2007-4961
The logintosimulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending...
MSN Messenger8. 0 login method decrypt-vulnerability warning-the black bar safety net
Earlier, Microsoft had announced will be on MSN Messenger to make some changes, upgrade to Windows Live Messenger 8.0, and will demo some of the new features. The new version of the picture already from Bill Gates earlier demo version leaked to the Internet. Today we've got MSN Live Messenger8. 0...
Re: IMAIL (Ipswitch) DoS with Eudora (Qualcomm)
I'm the lead developer for Windows Eudora here at Qualcomm, and I've been the one who has investigated these issues of SMTP authentication with IPSwitch's IMail server. Here's some details that may be helpful for IMail users: The problem is with IMail SMTP server versions 6.02 and below. When the...