38 matches found
EUVD-2016-3094
Malware in sbrugna...
EUVD-1999-0575
Malware in sbrugna...
CVE-2019-15002
An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account...
OPENSUSE-SU-2024:0274-1 Security update for cacti, cacti-spine
This update for cacti, cacti-spine fixes the following issues: - cacti 1.2.27: CVE-2024-34340: Authentication Bypass when using older password hashes boo1224240 CVE-2024-25641: RCE vulnerability when importing packages boo1224229 CVE-2024-31459: RCE vulnerability when plugins include files...
ROS-20231109-02
Vulnerability in GLPI's request and incident handling system is related to information disclosure. Exploitation of the vulnerability could allow a remote attacker to obtain user logins. GLPI request and incident handling system vulnerability related to the lack of path filtering by...
Design/Logic Flaw
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users' logins. Users are advised to upgrade to version 10.0.10. There...
PT-2023-6827 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10 Description: The issue is related to information disclosure in the GLPI system, which can be exploited by a remote attacker to reveal protected information, including user logins. Recommendations: For versions...
Iagona ScrutisWeb security vulnerability
Iagona ScrutisWeb is a security solution from the French company Iagona. A security vulnerability exists in Iagona ScrutisWeb version 2.1.37 and earlier versions. An attacker could exploit the vulnerability to view configuration file information, including user login names and encrypted passwords...
Logon Duration Is Not Logged In Director For Session Logons Taking More Than 3 Minutes To Complete
Logon Duration not being logged in Database and Director for user logins taking more than 3 mins...
Duplicate Advisory: tgstation-server vulnerable to cached user logins in legacy server
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-42r6-p4px-qvv6. This link is maintained to preserve external references. Original Description In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 fixed in 3.2.5.0, active logins would be cached, allowing...
GHSA-7R36-JF3C-JHP4 Duplicate Advisory: tgstation-server vulnerable to cached user logins in legacy server
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-42r6-p4px-qvv6. This link is maintained to preserve external references. Original Description In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 fixed in 3.2.5.0, active logins would be cached, allowing...
Design/Logic Flaw
A malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG OTRS Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions...
CVE-2021-36095
CVE-2021-36095 affects OTRS Community Edition v6.0.1+ and OTRS 7.x up to 7.0.28. The issue arises from the lost password feature, enabling a malicious attacker to determine valid user logins. Vectors/impact are described as a login enumeration through the lost-password flow, with CVSS base metric...
CVE-2021-36095
Removed by vendor...
CVE-2021-27793
Intermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch...
Brocade Fabric OS security vulnerability
Brocade Fabric OS (FOS) is a set of embedded operating systems used in devices such as switches and routers from Brocade USA. A security vulnerability exists in Brocade Fabric OS that stems from an intermittent authorization failure in aaa tacacs+. The vulnerability could prevent a user with a vali...
Ocean Data Systems Dream Report 5 R20-2 security vulnerability
Ocean Data Systems Dream Report 5 R20-2 is an application from the French company Ocean Data Systems, a real-time reporting and charting solution. Dream Report 5 R20-2 suffers from a security vulnerability that allows an attacker to misuse registry entries which refer to weakly-privileged binarie...
Authentication flaw
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference (IDOR) on "Solutions". This vulnerability gives an unauthorized user the abili...
PT-2021-14421 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.4 Description: The issue concerns an Insecure Direct Object Reference (IDOR) on "Solutions" in GLPI. This allows an unauthorized user to enumerate GLPI items names, including users' logins, using the knowbase search...
Cross site request forgery (csrf)
The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...