9 matches found
CVE-2023-25350
Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When a user logs in through the login box, the application does not check the validity of the user's input data. The parameters passed from the front end to the back end are controllable, which will lead to SQL injection...
EUVD-2020-7755
Malware in sbrugna...
EUVD-2020-12783
Malware in sbrugna...
EUVD-2024-17345
Malicious code in bioql PyPI...
Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-001
This module enables you to do Two-Factor Authentication by email, using a user registered email to send a verification code to the user's email every time the user tries to log in to your site. The module did not sufficiently protect against brute force attacks, allowing an attacker to bypass the...
Display Last-Login-Date for the User
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion: http://jira.atlassian.com/browse/JRASERVER-21933. Dear Atlassian! I don't know whether a ticket like this already exists or was solved, but I couldn't find any. We would like to...
Security issue with GroupWise 6 and LDAP authentication in PostOffice
Issue: Any user can log in to any GroupWise account. Environment: GroupWise 6 Post Office using LDAP authentication AND the security configuration of the Post Office leaves the LDAP User Name and Password fields blank in the Post Office Agent object in ConsoleOne. Exploit: Run GroupWise as any user either...
CVE-2001-0745
Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property...
CVE-2000-0378
The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in...