
41 matches found

IBM Security Bulletins
added 2023/08/04 6:17 p.m., 77 views

Security Bulletin: An unauthorized attacker who has obtained an IBM Watson IoT Platform security authentication token can use it to impersonate an authorized platform user (CVE-2023-38372)

Summary Guidance on best practices to mitigate or avoid compromise in case an unauthorized attacker obtains an IBM Watson IoT Platform security authentication token CVE-2023-38372. Vulnerability Details CVEID:CVE-2023-38372 DESCRIPTION: IBM Watson IoT Platform contains a vulnerability that could...

7.5 CVSS, 5.9 AI score, 0.00643 EPSS
Exploits: 0, Affected Software: 1

HackRead
added 2022/12/13 7:0 p.m., 12 views

Payment Giant Exposed 9 Million Credit Card Transaction Records

By Habiba Rashid The trove of sensitive data belonging to California-based Cornerstone Payment Systems was left exposed on a misconfigured server without any security authentication. This is a post from HackRead.com Read the original post: Payment Giant Exposed 9 Million Credit Card Transaction...

2.4 AI score
Exploits: 0

HackRead
added 2021/10/06 6:47 p.m., 27 views

The Telegraph newspaper exposed 10TB of subscriber data

By Deeba Ahmed The data was exposed due to an unprotected Elasticsearch cluster and remained open to public access without any security authentication. This is a post from HackRead.com Read the original post: The Telegraph newspaper exposed 10TB of subscriber data...

1.2 AI score
Exploits: 0

HackRead
added 2021/08/01 12:28 p.m., 61 views

Calgary Parking Authority exposed sensitive data of residents

By Waqas In total, CPA exposed 502 GB worth of data without any security authentication. This is a post from HackRead.com Read the original post: Calgary Parking Authority exposed sensitive data of residents...

1.7 AI score
Exploits: 0

HackRead
added 2021/05/24 1:57 p.m., 27 views

Logistics giant exposes customer data, Lolz at researchers when alerted

By Habiba Rashid At the time of publishing this article, the data belonging to Bergen Logistics was available for public access without any security authentication. This is a post from HackRead.com Read the original post: Logistics giant exposes customer data, Lolz at researchers when alerted...

2.6 AI score
Exploits: 0

UbuntuCve
added 2020/11/06 12:0 a.m., 32 views

CVE-2020-25592

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...

9.8 CVSS, 7.2 AI score, 0.57453 EPSS
Exploits: 3, References: 3

HackRead
added 2020/08/19 6:6 p.m., 20 views

Data scraping firm leaks 235m Instagram, TikTok, YouTube user records

By Sudais Asif According to researchers, the trove of data was left for public access without any security authentication. This is a post from HackRead.com Read the original post: Data scraping firm leaks 235m Instagram, TikTok, YouTube user records...

2.3 AI score
Exploits: 0

OpenVAS
added 2020/07/13 12:0 a.m., 5 views

Huawei Data Communication: Security authentication configuration for NTP clients and level-2 or multi-level servers

Configure security verification for the NTP client and level-2 or multi-level servers. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

7.5 AI score
Exploits: 0

HackRead
added 2020/04/13 7:7 p.m., 37 views

Gaming controllers manufacturer exposed 1.1M customer records

By Sudais Asif The company, a known manufacturer of gaming controllers and other accessories, had left the database exposed to malicious actors without any security authentication. This is a post from HackRead.com Read the original post: Gaming controllers manufacturer exposed 1.1M customer record...

3.5 AI score
Exploits: 0

CNVD
added 2019/08/07 12:0 a.m., 3 views

Logic Flaw Vulnerability in the Security Authentication of a Dahua Webcam Model

Zhejiang Dahua Technology Co., Ltd, is a video-centered intelligent IOT solution provider and operation service provider. A logic flaw vulnerability exists in the security authentication of a Dahua webcam model, which allows an attacker to forge packets and call the interface to execute arbitrary...

7.6 AI score
Exploits: 0

Cvelist
added 2019/02/05 6:0 p.m., 20 views

CVE-2018-19000

LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data...

5.4 AI score, 0.08789 EPSS
Exploits: 0, References: 2

NVD
added 2018/10/10 9:29 p.m., 14 views

CVE-2018-16737

tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation...

5.3 CVSS, 5.2 AI score, 0.01472 EPSS
Exploits: 0, References: 3

IBM Security Bulletins
added 2018/06/18 12:7 a.m., 15 views

Security Bulletin: CLI access security issue on IBM System Storage Storwize V7000 Unified (CVE-2014-0880)

Summary CLI security issue. Vulnerability Details CVEID: CVE-2014-0880 DESCRIPTION: An unauthorized user with network access to a system's administrative IP (Internet Protocol) address may be able to gain access to the block CLI (Command Line Interface) of the system, allowing the user to issue all...

7.5 CVSS, 1.1 AI score, 0.01897 EPSS
Exploits: 0, Affected Software: 1

seebug.org
added 2017/02/27 12:0 a.m., 391 views

DokuWiki fetch.php SSRF vulnerability

Author: baolongniucow protection Dragon About DokuWiki DokuWiki is an open source wiki engine that runs on PHP. It is small but powerful and flexible, suitable for knowledge base management for small teams and personal websites. Vulnerability description DokuWiki latest...

6.7 AI score
Exploits: 0

OpenVAS
added 2015/09/22 12:0 a.m., 10 views

Thomson CableHome Gateway (DWG849) Information Exposure

This host has Thomson CableHome Gateway (DWG849) and is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

6.9 AI score
Exploits: 0, References: 1

Packet Storm
added 2015/06/10 12:0 a.m., 50 views

TinySRP Buffer Overflow

Dear Fulldisclosure, I submitted the below vulnerability to the HP Zero Day Initiative. They responded that they are not interested in vulnerabilities in this "product". Further, I tried to contact one of the authors Eric A. Young; the email bounced. I am busy with my day job and do not have the...

0.4 AI score
Exploits: 0

Cvelist
added 2009/08/21 2:0 p.m., 13 views

CVE-2008-7019

Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authentication and gain privileges via modified (1) enombre and (2) euri cookies...

7.2 AI score, 0.02561 EPSS
Exploits: 1, References: 3

Cvelist
added 2008/07/30 5:0 p.m., 18 views

CVE-2008-3375

The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMUCookie cookie...

7.1 AI score, 0.03559 EPSS
Exploits: 1, References: 8

Cvelist
added 2007/07/25 5:0 p.m., 24 views

CVE-2007-3974

admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters...

6.8 AI score, 0.0367 EPSS
Exploits: 1, References: 8

Atlassian
added 2002/05/22 12:31 p.m., 24 views

Problem when signing up for new user Account from login page

I signed up for a new user account from the login page, filled in a username, password, name and e-mail. Then I tried to login with the new username and got this exception: java.lang.NullPointerException at com.opensymphony.module.user.User.getGroups(User.java:94) at...

0.4 AI score
Exploits: 0, Affected Software: 1