16 matches found
OpenOLAT Security Vulnerabilities
OpenOLAT is a web-based e-learning platform, a Learning Management System (LMS), for teaching, learning, assessment and communication. A security vulnerability exists in OpenOLAT versions prior to 18.1.0, which stems from a vulnerability that allows an attacker to emulate a system user and read...
WSO2 API Manager Security Vulnerability
WSO2 API Manager is a suite of API lifecycle management solutions from WSO2, USA. A security vulnerability exists in WSO2 API Manager that stems from a potential user emulation vulnerability in federated authentication using JIT configuration when certain configurations are enabled...
Webkul QloApps Cross-Site Scripting Vulnerability
Webkul QloApps is a free and open source hotel reservation and online booking system. A security vulnerability exists in Webkul QloApps version 1.6.0, which stems from a cross-site scripting (XSS) vulnerability. An attacker can use this vulnerability to obtain a user's session cookie and then emula...
keycloak Authorization Issue Vulnerability
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in keycloak. An attacker exploited the vulnerability to conduct user emulation via stolen uuid code...
GitLab has an unspecified vulnerability (CNVD-2021-66915)
GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. A security vulnerability exists in GitLab, which stems from the product's la...
GitLab Security Vulnerability
GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. A security vulnerability exists in GitLab, which stems from the product's la...
Ping Identity RSA SecurID Integration Kit Access Control Error Vulnerability
The Ping Identity RSA SecurID Integration Kit is Ping Identity's PingFederate Integration Kit for RSA SecurID® that adds Identity Provider (IdP) integration options to PingFederate by providing an RSA SecurID adapter that acts as an RSA® Authentication Agent. Program IdP integration option to...
IBM Security Access Manager Appliance Permissions, Privileges and Access Control Issue Vulnerability
IBM Security Access Manager Appliance (ISAM Appliance) is a network appliance-based security solution from IBM, USA. The product is mainly used for access control and Web-based threat protection, providing system performance monitoring, log analysis and diagnosis. IBM Security Access Manager...
IBM Security Verify Information Queue Session Fixation Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. A session fixation vulnerability exists in IBM Security Verify Information Queue. The vulnerability stems from incorre...
[SECURITY] Fedora 29 Update: qemu-3.0.0-2.fc29
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used ...
Apache Knox User Emulation Vulnerability
Apache Knox is an application gateway for Apache Hadoop deployments to interact with the REST API and UI from the Apache Software Foundation. A user emulation vulnerability exists in Apache Knox versions 0.2.0 through 0.11.0. An attacker can exploit the vulnerability by impersonating another user...
Poezio/SleekXMPP/Slixmpp User Emulation Vulnerability
XMPP is Extensible Messaging and Presence Protocol, a set of open technologies for instant messaging, multi-party chat, voice and video calls. A user emulation vulnerability exists in Poezio/SleekXMPP/Slixmpp. An attacker can exploit this vulnerability to emulate arbitrary users, leading to furth...
ChatSecure and Zom User Emulation Vulnerabilities
ChatSecure is an open source program that provides secure communication channels for XMPP (Google Instant Messenger, Jabber, etc.) or Oscar (AIM) to ensure encrypted chat services. Zom is a free and open source software with privacy features to help you stay connected wherever you are. A user...
Psi+ User Simulation Vulnerability
Psi is a cross-platform Jabber client of which Psi+ is a fork. Psi+ has a user emulation vulnerability. An attacker can use this vulnerability to emulate any user, leading to further attacks...
Profanity XMPP Client User Emulation Vulnerability
XMPP is Extensible Messaging and Presence Protocol, a set of open technologies for instant messaging, multi-party chat, voice and video calls. A user emulation vulnerability exists in Profanity XMPP Client. An attacker can exploit this vulnerability to emulate any user, leading to further attacks...
mcabber user emulation vulnerability
mcabber is an XMPP (Jabber) console client. A user emulation vulnerability exists in mcabber. The vulnerability exists because the program fails to properly implement "XEP-0280: Message Carbons". A remote attacker can exploit this vulnerability to impersonate an arbitrary user...