7 matches found
CVE-2026-28477
CVE-2026-28477 affects OpenClaw. The vulnerability is an OAuth state validation bypass in the manual Chutes login flow, enabling an attacker to substitute credentials and persist tokens for unauthorized accounts by tricking a user into pasting attacker-controlled OAuth callback data. Impact is cr...
CVE-2026-28477
OpenClaw versions prior to 2026.2.14 contain an oauth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a user to paste attacker-controlled OAuth callback data, enabling credential substitution and token...
GHSA-7RCP-MXPQ-72PJ OpenClaw Chutes manual OAuth state validation bypass can cause credential substitution
Summary The manual Chutes OAuth login flow could accept attacker-controlled callback input in a way that bypassed OAuth CSRF state validation, potentially resulting in credential substitution. Impact If an attacker can convince a user to paste attacker-provided OAuth callback data during the manu...
CVE-2025-8679
In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure. Under certain ExtremeGuest Essentials captive-portal SSID configurations, repeated manual login attempts may allow an unauthenticated device to be marked as authenticated and...
Domain passthrough with ZeroTrust VPN users get "cannot start your session" via Azure load balancer
When you access Store URL and click on "Log on" you see the error - cannot start your session. wait a few minutes and try to logon again. If you still experience problems, contact your help desk. When you click on the "OK" button multiple times, eventually it goes away. More details on deployment...
op5 7.1.9 - Configuration Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'op5 v7.1.9 Configuration Command Execution', 'Description' = %q op5 an open source network monitoring software. The configurati...
emekportal21.txt
BiyoSecurity.Org script name : Emek Portal v2.1 tr Script Download : http://www.aspindir.com/indir.asp?id=2728 Risk : High Regards : Dj ReMix Thanks : Korsan , Liz0zim , TrIP Vulnerable file : girisyap.asp Manual connect : Go to Admin Panel Login ----- http://victim.com/path to script/uyegiris.as...