6 matches found
EUVD-2020-6451
Malware in sbrugna...
CVE-2020-14299
A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user...
CVE-2020-14299
A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user...
Authentication flaw
A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user...
CVE-2020-14299
CVE-2020-14299 affects Red Hat JBoss Enterprise Application Platform (EAP). The flaw stems from using a legacy SecurityRealm delegating to a legacy PicketBox SecurityDomain and reloading to admin-only mode, enabling complete authentication bypass with an arbitrary user/password. The impact is des...
Vimeo: XSS on any site that includes the moogaloop flash player | deprecated embed code
The moogaloop flash player includes in most cases http://f.vimeocdn.com/p/flash/moogaloop/6.0.30/controllers/videoControllerProgressive.swf. In that flash file we can find functionality that looks into the SharedObject "com.conviva.livePass" for recently loaded swf-URLs under the key "lastSwfUrls...