10 matches found
CVE-2023-28126
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or by exploiting the race condition in the authentication message...
CVE-2023-28126
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or by exploiting the race condition in the authentication message...
Race condition
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or by exploiting the race condition in the authentication message...
Ivanti Avalanche Race Condition Vulnerability
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche version 6.3.x and prior versions. An attacker could exploit the...
CVE-2023-28126
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or by exploiting the race condition in the authentication message...
Ivanti Avalanche EnterpriseServer Service Exposed Dangerous Function Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetUser class. The issue results from the lack of authentication prior to allowing...
Authentication flaw
The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request...
CVE-2014-3781
CVE-2014-3781 describes an authentication bypass in Dotclear prior to 2.6.3 due to the dcXmlRpc::setUser method: if a user is attempting XML-RPC login with an empty password, the checkUser() path can be bypassed, allowing remote authentication bypass when the XML-RPC interface is enabled. Affecte...
CVE-2014-2526
Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sForumName or (2) sDescription parameter to Forum/manage/ForumManager.lsp; (3) sHint, (4) sWord, or (5) nId parameter to Forum/manage/hangman.lsp; (6) user...
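BarracudaDrive Multiple Cross-Site Scripting Vulnerabilities
BarracudaDrive uses a web interface that makes it easy to share files with friends. (1) Input passed via the 'sForumName' and 'sDescription' parameters in '/Forum/manage/ForumManager.lsp?nForumId=1' is not properly validated before being returned to the user; an attacker can exploit the vulnerability to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. (2) Input passed via the 'sHint' and 'sWord' parameters in '/Forum/manage/hangman.lsp?nId=1' is not properly validated before being returned to the user; an attacker can exploit the vulnerability to execute arbitrary HTML and script code in a user's browser session in the context of the affected site...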