9 matches found
openSUSE Security Update : otrs (openSUSE-2020-1475)
OTRS was updated to 5.0.42, fixing lots of bugs and security issues: https://community.otrs.com/otrs-community-edition-5s-patch-level-42/ - CVE-2020-1773 (boo1168029, OSA-2020-10): Session / Password / Password token leak. An attacker with the ability to generate session IDs or password reset...
Cisco Webex Training Input Validation Error Vulnerability
Cisco Webex Training is an online training solution. An input validation error vulnerability exists in Cisco Webex Training that originates from not properly validating input data, allowing remote attackers to join a password-protected session without providing the session password...
openSUSE Security Update : otrs (openSUSE-2020-551)
OTRS was updated to 5.0.42, fixing lots of bugs and security issues: https://community.otrs.com/otrs-community-edition-5s-patch-level-42/ - CVE-2020-1773 (boo1168029, OSA-2020-10): Session / Password / Password token leak. An attacker with the ability to generate session IDs or password reset...
Insecure Authentication Mechanism
craftcms/cms uses an insecure authentication mechanism. There is no account lockout after multiple failed attempts to log in and the application does not rate-limit the elevated session password prompt, allowing an attacker to perform a brute-force attack on the log-in function and discover...
SQL injection
In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them...
CVE-2019-15929
In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them...
CVE-2019-15929
Craft CMS up to version 3.1.7 is affected by an authentication issue where the elevated session password prompt was not rate-limited, enabling brute-force attempts as described across multiple sources. The vulnerability affects the login flow for elevated sessions and is documented in CVE-2019-15...
PHP121 Instant Messenger 1.4 - Remote Code Execution
#!/usr/bin/php -q -d short_open_tag=on works with magic_quotes_gpc = Off\r\n\r\n"; echo "a dork: inurl:php121login.php | inurl:php121im.php | intitle:"PHP121 - PLEASE"\r\n\r\n"; if $argc<4 echo "Usage: php ".$argv[0]." host path cmd OPTIONS\r\n"; echo...
bmc.patrol.agent.txt
Date: Fri, 9 Apr 1999 12:46:33 +0200 From: fcosta To: [email protected] Subject: Patrol security bugs. Security Department, Tel: +33 01 41 91 39 00, Fax: +33 01 41 91 39 99. Patrol Security bugs report. PROBLEM: The PATROL management software from BMC SOFTWARE has...