16 matches found

Github Security Blog
added 2026/04/15 7:43 p.m., 5 views

PocketMine-MP has LogDoS by many junk properties in client data JWT in LoginPacket

Impact: Attackers can fill the body of the clientData JWT in LoginPacket with lots of junk properties, causing the server to flood warning messages, as well as wasting CPU time. This happens because the JsonMapper instance used to process the JWT body is configured to warn on unexpected properties...

AI score: 5.8
Exploits: 0, References: 5, Affected Software: 1
Snyk
added 2026/04/15 7:43 p.m., 30 views

Logging of Excessive Data

Overview: pocketmine/pocketmine-mp is a highly customisable, open source server software for Minecraft: Bedrock Edition written in PHP. Affected versions of this package are vulnerable to Logging of Excessive Data through the processing of client data JWTs in LoginPacket. An attacker can cause...

CVSS: 6.9, AI score: 5.8
Exploits: 0, References: 2
OSV
added 2026/04/06 10:54 p.m., 2 views

GHSA-H6RJ-3M53-887H PocketMine-MP: LogDoS by large complex unknown property logging in clientData in LoginPacket

Impact: Attackers can put large and/or complex structures as a value to an unknown property in the clientData JWT body in the Minecraft LoginPacket, causing the server to generate very long log messages. Additionally, the property name is logged without any length limitations or sanitization, whic...

CVSS: 7.5, AI score: 5.9
Exploits: 0, References: 5
Github Security Blog
added 2026/04/06 10:54 p.m., 4 views

PocketMine-MP: LogDoS by large complex unknown property logging in clientData in LoginPacket

Impact: Attackers can put large and/or complex structures as a value to an unknown property in the clientData JWT body in the Minecraft LoginPacket, causing the server to generate very long log messages. Additionally, the property name is logged without any length limitations or sanitization, whic...

AI score: 5.9
Exploits: 0, References: 5, Affected Software: 1
Snyk
added 2026/04/06 10:54 p.m., 3 views

Logging of Excessive Data

Overview: pocketmine/pocketmine-mp is a highly customisable, open source server software for Minecraft: Bedrock Edition written in PHP. Affected versions of this package are vulnerable to Logging of Excessive Data through the processing of unexpected properties in the clientData of the LoginPacket...

CVSS: 8.7, AI score: 5.9
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-52415

Malicious code in bioql PyPI...

CVSS: 5.9, AI score: 6.1, EPSS: 0.0034
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 10:48 p.m., 6 views

CVE-2022-30561

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet...

CVSS: 5.9, AI score: 6.7, EPSS: 0.0034
Exploits: 0, References: 1
OSV
added 2022/06/28 2:15 p.m., 1 view

CVE-2022-30563

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet...

CVSS: 7.4, AI score: 7.3
Exploits: 0, References: 1
Prion
added 2022/06/28 2:15 p.m., 17 views

Cross site request forgery (csrf)

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet...

CVSS: 4.3, AI score: 6.1, EPSS: 0.0034
Exploits: 0, References: 1, Affected Software: 40
CNNVD
added 2021/08/30 12:0 a.m., 2 views

Github Geyser Authorization Issue Vulnerability

Github Geyser is the bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition, bridging the gap between those who want to play truly cross-platform. Versions of Geyser prior to 1.4.2-SNAPSHOT had an authorization issue vulnerability that stemmed from...

CVSS: 9.8, AI score: 8.3, EPSS: 0.00352
Exploits: 0, References: 3
VulnCheck KEV
added 2021/06/01 12:0 a.m., 0 views

VulnCheck KEV: CVE-2020-21224

A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server...

CVSS: 10, AI score: 7.3, EPSS: 0.9214
Exploits: 1, References: 1
OSV
added 2021/02/22 3:15 p.m., 1 view

CVE-2020-21224

A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server...

CVSS: 9.8, AI score: 5.8
Exploits: 0, References: 2
OpenVAS
added 2017/01/27 12:0 a.m., 37 views

Sybase TCP/IP Listener Detection

Detects a Sybase TCP/IP listener server by sending a login packet and checking the response. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...

AI score: 7.3
Exploits: 0
Tenable Nessus
added 2007/06/05 12:0 a.m., 28 views

SNMPc Management Server Login Packet Remote DoS

The remote host is running SNMPc, a network management application for Windows. The version of SNMPc installed on the remote host reportedly will crash if a specially crafted logon packet is sent to its Management Server. An unauthenticated, remote attacker may be able to exploit this issue to...

CVSS: 5, AI score: 5.6, EPSS: 0.1156
Exploits: 0, References: 1
Tenable Nessus
added 2006/05/13 12:0 a.m., 29 views

Ubuntu 5.04 / 5.10 : mysql-dfsg-4.1, mysql-dfsg vulnerabilities (USN-283-1)

Stefano Di Paola discovered an information leak in the login packet parser. By sending a specially crafted malformed login packet, a remote attacker could exploit this to read a random piece of memory, which could potentially reveal sensitive data. CVE-2006-1516 Stefano Di Paola also found a...

CVSS: 5, AI score: 5.3, EPSS: 0.8233
Exploits: 0, References: 2
securityvulns
added 2006/05/03 12:0 a.m., 35 views

MySQL Anonymous Login Handshake - Information Leakage.

Anonymous Login Handshake. MySQL Server = 4.1.18, 5.0.20 has an information leakage in the way mysql parses login packets on anonymous users blank password. Author: Stefano Di Paola. Vulnerable: Mysql = 4.1.18, 5.0.20. Type of Vulnerability:...

AI score: 7.1
Exploits: 0