5 matches found
CVE-2025-49196 Deprecated TLS version supported
A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information, modify data in unexpected ways or spoof identities of other users or devices, affecting the confidentiality and integrity of the device...
CVE-2025-47779
Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE RFC 3428 authentication do not get proper alignment. An authenticated attacker...
CVE-2024-49808 IBM Sterling Connect:Direct Web Services improper authorization
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions...
User Identity Spoofing in Bitrix Site Manager
Advisory ID: HTB23183 Product: Bitrix Site Manager Vendor: Bitrix, Inc Vulnerable Versions: 12.5.13 and probably prior Tested Version: 12.5.13 Advisory Publication: November 6, 2013 without technical details Vendor Notification: November 6, 2013 Vendor Patch: November 12, 2013 Public Disclosure:...
CVE-2012-4741
The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute...