16 matches found
authd: Primary group ID is incorrectly set to value of UID
authd 0.6.0 contains a bug which can lead to an incorrect primary group ID. It affects users whose primary group ID, i.e. the GID in the user record, differs from their UID. There are two ways which can lead to this: 1. The user was created with authd &2 continue fi if "$OLDGID"...
GHSA-4FQM-6FMH-82MQ OliveTin has Unauthenticated Action Termination via KillAction When Guests Must Login
Summary OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. In the tested release 3000.10.2, guests are correctly blocked from dashboard access, but an unauthenticated guest can still call the KillAction RPC directly and successfully...
PT-2026-22999
Name of the Vulnerable Software and Affected Versions OliveTin versions prior to 3000.11.0 Description OliveTin allows an unauthenticated guest to terminate running actions through the KillAction Remote Procedure Call RPC even when authRequireGuestsToLogin: true is enabled. Guests are blocked fro...
CVE-2022-31029
AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions inserting code like in the field marked with "Domain to look for" and hitting enter or clicking on any of the buttons will execute the script. The user must be logged in to use this vulnerability. Usually only...
CVE-2023-4099
The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application...
EUVD-1999-0383
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-44030
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the...
HTTP SickRage Password Leak
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP SickRage Password Leak', 'Description' = %q SickRage 'Sven Fassbender', EDB POC 'Shelby Pace' Metasploit Module , 'License' = MSFLICENSE,...
PT-2024-20583 · Discourse · Discourse Calendar
Name of the Vulnerable Software and Affected Versions: Discourse Calendar versions prior to 0.4 Description: The issue allows event invitees created in private categories or private messages to be retrieved by anyone, even if they are not logged in. This is a problem with the Discourse Calendar...
CVE-2023-49099 Discourse secure uploads accessible to guests even when login is required
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4...
CVE-2023-4103
QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application...
Observable Response Discrepancy
vantage6server is vulnerable to Observable Response Discrepancy. The vulnerability exists because the login requirement is not properly implemented which allows an attacker to brute force password and observe a valid username response...
Microsoft Windows Connected User Experiences and Telemetry Service Privilege Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Connected User Experiences and Telemetry Service is one of the components that can...
Cisco TelePresence Codec Remote Detection
Detects the installed version of Cisco TelePresence Codec. This script sends an HTTP GET request and tries to ensure the presence of Cisco TelePresence Codec. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the...
J-OWAMP Web Interface 2.1b - link Remote File Inclusion
#!/usr/bin/perl Jowamp WebInterface v 2.1 Remote File Inclusion Vulnerability. Vulnerability found & Exploit coded By Dr Max Virus. Download: http://www.av.it.pt/jowamp/indexfiles/JOWAMPWebInterfaceversion21.zip User Must Be Logged In! In a web...