11 matches found
EUVD-2015-6277
Malware in sbrugna...
CVE-2024-32868
ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such mechanism fo...
Digisol Router Security Vulnerability
Digisol Router is a series of routers from Digisol. A security vulnerability exists in Digisol Router that stems from improper implementation of password policies...
HALO 2.13.1 CORS Issue
Title: HALO-2.13.1 Cross-origin resource sharing: arbitrary origin trusted Author: nu11secur1ty Date: 03/15/2024 Vendor: https://www.halo.run/ Software: https://github.com/halo-dev/halo Reference: https://portswigger.net/web-security/cors Description: The application implements an HTML5...
Weak password policy : Old password can be set as new password
Description: Rdiffweb has a weak password implementation, where a new password set by the user can be the same as the old password. Proof of Concept: 1. Go to the https://rdiffweb-demo.ikus-soft.com/prefs/general endpoint. 2. Change your password. Set your new password similar to old password you will notice...
scap-security-guide bug fix and enhancement update
An update for scap-security-guide is now available for Rocky Linux 8. The scap-security-guide project provides a guide for configuration of the system from the final system's security point of view. The guidance is specified in the Security Content Automation Protocol (SCAP) format and constitutes ...
Google Chrome Information Disclosure Vulnerability (CNVD-2019-46762)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an information disclosure vulnerability that stems from the program's failure to fully implement policies. The vulnerability can be exploited to obtain sensitive information from process memory via special...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Several security fixes in this release, including: 780450 High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01 787103 High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu @shhnjk on 2017-11-20 793620 High...
CVE-2015-6335
The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839...
CVE-2015-6335
Cisco FireSIGHT Management Center for VMware is affected by a policy-code vulnerability (Bug CSCuw12839) in versions 5.3.1.7, 5.4.0.4 and 6.0.0. An authenticated remote administrator may bypass policy restrictions and execute Linux commands as root on the underlying OS due to insufficient sanitiz...
SeaMonkey < 2.11.0 Multiple Vulnerabilities
The installed version of SeaMonkey is earlier than 2.11.0. Such versions are potentially affected by the following security issues: - Several memory safety issues exist, some of which could potentially allow arbitrary code execution. CVE-2012-1948, CVE-2012-1949 - Several memory safety issues...