28 matches found
EUVD-2000-0340
Malware in sbrugna...
CVE-2023-38257
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords...
CVE-2023-38257 CVE-2023-38257
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords...
CVE-2022-24689
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages including personal data without being authenticated. The collected information includes the badge numbers that operate as user login...
MISP 跨站脚本漏洞
MISP is a software solution. The product is used to collect, store, distribute, and share network security metrics, and has features such as threat network security event analysis and malware analysis. cross-site scripting vulnerabilities exist in versions of MISP prior to 2.4.156, which stem fro...
Authentication flaw
A vulnerability has been identified in Siveillance Video Client All versions. In environments where Windows NTLM authentication is enabled the affected client application transmits usernames to the server in cleartext. This could allow an attacker in a privileged network position to obtain valid...
CVE-2020-15785
A vulnerability has been identified in Siveillance Video Client All versions. In environments where Windows NTLM authentication is enabled the affected client application transmits usernames to the server in cleartext. This could allow an attacker in a privileged network position to obtain valid...
Information Disclosure
modperl is vulnerable to information disclosure. It was discovered that Red Hat Network Satellite Server shipped with an XML-RPC script, manzier.pxt, which had a single hard-coded authentication key. A remote attacker who is able to connect to the Satellite Server XML-RPC service could use this...
TestLink Injection Vulnerability
TestLink is a WEB-based test case management system. An injection vulnerability exists in install/installNewDB.php in versions 1.9.16 and earlier of TestLink. A remote attacker can exploit this vulnerability by providing a specially crafted long value during the installation process using control...
Design/Logic Flaw
install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value...
CVE-2018-7466
install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value...
CVE-2018-7466
install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value...
libgig Denial of Service Vulnerability
libgig is a C++ library for loading, modifying and creating Gigasamlier and DLS files. A denial of service vulnerability exists in the 'gig::DimensionRegion::CreateVelocityTable' function of the gig.cpp file in libgig version 4.0.0. A remote attacker can exploit this vulnerability to cause a deni...
Opera server breach incident
News Opera server breach incident Share August 26th, 2016 Earlier this week, we detected signs of an attack where access was gained to the Opera sync system. This attack was quickly blocked. Our investigations are ongoing, but we believe some data, including some of our sync users’ passwords and...
Fedora 22 : bugzilla-4.4.10-1.fc22 (2015-15767)
Security fix for CVE-2015-4499 A security problem was found in supported versions of Bugzilla. Login names longer than 127 characters can be corrupted, which could lead to the creation of a user account with an unexpected email address. Bugzilla 4.4.10 fixes the issue for the 4.4 branch of...
Fedora 23 : bugzilla-4.4.10-1.fc23 (2015-15769)
Security fix for CVE-2015-4499 A security problem was found in supported versions of Bugzilla. Login names longer than 127 characters can be corrupted, which could lead to the creation of a user account with an unexpected email address. Bugzilla 4.4.10 fixes the issue for the 4.4 branch of...
CVE-2013-6890
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service incorrect block of IP addresses via crafted login names...
CVE-2013-6890
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service incorrect block of IP addresses via crafted login names...
Authentication flaw
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service incorrect block of IP addresses via crafted login names...
CVE-2013-6890
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service incorrect block of IP addresses via crafted login names...