5 matches found
PT-2023-20161 · Unknown +6 · Gss-Ntlmssp +6
Name of the Vulnerable Software and Affected Versions: GSS-NTLMSSP versions prior to 1.2.0
Description: GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit...
Upgraded Q -> M from #55 [1674745091248]
Judge has assessed an item in Issue 55 as M risk. The relevant finding follows: minimum deposit amount for tokens with non-standard decimals value is too high. 0.1 can be quite a lot for tokens with small totalAmount, so this requirement can become too restrictive. For example, WBTC token has 8...
Insecure Session Management
cfme2 uses insecure session management. An attacker is able to perform session tampering attacks using the secret in the static secrettoken.rb...
CVE-2012-4402
webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service...
CVE-2012-4402
The CVE relates to Moodle (2.1.x before 2.1.8, 2.2.x before 2.2.5, 2.3.x before 2.3.2). The issue is that web-service tokens are not properly restricted, allowing remote authenticated users to invoke functions from external services using a token intended for a single service. Impact per sources ...