Siemens SiNVR 3 Video Server Authentication Bypass Vulnerability
SiNVR is the Siemens OEM version of SiVMS, a video management solution acquired by PKE Deutschland GmbH and formerly distributed by Schille Informationssysteme GmbH. An authentication bypass vulnerability exists in the HTTP service (default port 5401/tcp) of the Siemens SiNVR 3 Video Server. A...
vBulletin Flaw Exploited in Dutch Sex-Work Forum Breach
Hackers have stolen the account details of 250,000 users of Dutch sex-work forum Hookers.nl – including email addresses of both escorts and customers. The website provides a forum for escorts and customers to discuss sex work — including clients discussing their experiences with sex workers. A...
CVE-2019-13420
Search Guard versions before 21.0 had a timing side-channel issue when using the internal user database...
CVE-2019-13421
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database...
Default credentials
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database...
Code injection
Search Guard versions before 21.0 had a timing side-channel issue when using the internal user database...
CVE-2019-13420
CVE-2019-13420 affects floragunn Search Guard (Elasticsearch/ELK plugin) prior to version 21.0. The vulnerability is a timing side-channel in the internal user database, which could leak information and impact confidentiality. The detail provided specifies the root cause as a timing discrepancy w...
Brocade Network Advisor Vulnerabilities - Lenovo Support US
No description provided...
Privilege Escalation
Jenkins is vulnerable to privilege escalation. Access to reserved names is not restricted in the HudsonPrivateSecurityRealm class when using Jenkins' user database, which allows remote attackers to gain privileges by creating a reserved name...
CVE-2018-6445
A vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database, which includes the encrypted, not hashed, password of the systems. The attacker could gain access to the Brocade Network Advisor System after...
Default credentials
A vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database, which includes the encrypted, not hashed, password of the systems. The attacker could gain access to the Brocade Network Advisor System after...
CVE-2018-1000408
A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database...
CVE-2018-1000408
CVE-2018-1000408 describes a denial-of-service vulnerability in Jenkins where, on builds using the built-in Jenkins user database (HudsonPrivateSecurityRealm), an attacker without Overall/Read permission can access a specific URL, causing an ephemeral user record to be created in memory. Affected...
BSA-2018-746
Security Advisory ID: BSA-2018-746. Component: Servlet. Revision: 1.0: Initial. A vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database, which includes the encrypted, not hashed, password of the systems. The...