Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management in the createUser process in auth/proxy.go when proxy authentication is enabled and default settings include non-empty commands. An attacker can gain unauthorized execution capabilities and access to...
EUVD-2021-26270
Malware in sbrugna...
CVE-2021-39914
A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user...
CVE-2024-47189
The API Interface of the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of...
Regular Expression Denial Of Service (ReDoS)
gitlab is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists because the library causes excessive usage of resources when a maliciously crafted username is used when provisioning a new user...
CVE-2021-39914
CVE-2021-39914 is a Denial of Service vulnerability in GitLab where a crafted username during user provisioning can trigger pathological backtracking in a regular expression, leading to excessive resource usage. Affected GitLab versions are 8.13 to 14.2.5, 14.3.0 to 14.3.3, and 14.4.0 (inclusive)...
PT-2021-22760 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 8.13 to 14.2.5; GitLab versions 14.3.0 to 14.3.3; GitLab version 14.4.0. Description: A regular expression denial of service issue could cause excessive usage of resources when a specially crafted username was used when...
Looking Back and Moving Forward With Rapid7’s Cloud Security Solution
This blog post was co-authored by Jamie Gale and Charles Stokes. Done with Q1 The DivvyCloud by Rapid7 team has had a busy and productive start to 2021, and we anticipate that the rest of this year will be equally exciting for our valued customers. In the first three months alone, we incorporated...
CVE-2018-0322
A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The vulnerability is due to a failure to enforce access restrictio...
Cisco Prime Collaboration Provisioning Access Control Vulnerability
Cisco Prime Collaboration Provisioning (PCP) is a set of Web-based, next-generation communications services software from Cisco. The software provides IP communication service features for IP telephony, voice mail and unified communications environments. A privilege-granting and access control...
Cisco Prime Collaboration Provisioning Tool Cross-Site Scripting Vulnerability (CNVD-2018-05347)
The Cisco Prime Collaboration Provisioning Tool is a set of Web-based, next-generation communications services tools from Cisco. The tool provides IP communication service capabilities for IP telephony, voice mail, and unified communications environments. The User Provisioning tab is one of the us...
CVE-2018-0205
A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by...
Cisco Prime Collaboration Provisioning Tool User Provisioning Tab Cross-Site Scripting Vulnerability
A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by...
Uber: OneLogin authentication bypass on WordPress sites
First, I'm sorry about reporting another WordPress bug my intention was just to check if WP-OneLogin stores any sensitive info that could be used to attack OneLogin on your other websites. Overview The .uber.com WordPress sites use OneLogin SAML-SSO instead of the normal WordPress login. The...
Comptel InstantLink Cross Site Scripting
Exploit Title: Comptel InstantLink XSS vulnerability. Date: 24 Feb 2010. Author: thebluegenius. Software Link: http://www.comptel.com/ProvisioningActivation/ Version: All. CVE: NA...
Sun Java System Web Server Search Module XSS
The remote host is running Sun Java System Web Server, a Java application for user provisioning and identity auditing in enterprise environments. The version of Sun Java System Web Server installed on the remote host fails to sanitize user-supplied input to its Search module before using it to...
Sun Java System Identity Manager Multiple XSS
The remote host is running Sun Java System Identity Manager, a Java application for user provisioning and identity auditing in enterprise environments. The version of Identity Manager installed on the remote host fails to sanitize user-supplied input to various JSP scripts before using it to...