7 matches found
EUVD-2022-3834
Malicious code in bioql PyPI...
BIT-PHP-MIN-2020-7071 FILTER_VALIDATE_URL accepts URLs with invalid userinfo
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong dat...
Accept weak password in reset-password function
Description Steps to reproduce: 1. Go to https://book.dansmonorage.blue/password-reset. 2. Type your email and receive reset password link. 3. Enter a as new password and success. Proof of Concept POST /password-reset/D4VUXDL5 HTTP/2 Host: book.dansmonorage.blue Cookie:...
CVE-2019-14909
A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted...
pysaml2 Improper Authentication vulnerability
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...
Ubuntu 16.04 LTS : PySAML2 vulnerability (USN-3520-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3520-1 advisory. It was discovered that PySAML2 incorrectly accepted any password when run with python optimizations enabled. An attacker could use this issue to authenticate as a...
CVE-2005-3538
hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges...