22 matches found
gnutls: gnutls: Authentication Bypass via NUL Character in Username
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...
Improper Authentication
Overview: Affected versions of this package are vulnerable to Improper Authentication due to the improper handling of usernames containing a NUL character when the server is configured with RSA-PSK. An attacker can gain unauthorized access by sending a specially crafted username that causes the server...
CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...
CVE-2025-30035 Lack of API authentication allowing session generation for any user
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the...
EUVD-2023-2922
Malicious code in bioql PyPI...
CVE-2022-2232
A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions...
CVE-2022-2232
A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions. Mitigation: This flaw requires a misconfiguration of the "UUID LDAP Attribute" values. When they are set to the standard...
keycloak: LDAP injection on username input
A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions...
SUSE CVE-2007-5797
SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database...
SUSE SLES11 Security Update : squid3 (SUSE-SU-2020:14460-1)
The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14460-1 advisory. - An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This...
GitLab Username Format Restriction Bypass Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. A vulnerability exists in GitLab versions prior to 13.1 that can be exploited to bypass the usernam...
Vehicle Parking Management System Authentication Bypass Vulnerability
Vehicle Parking Management System is a PHP + MySQL based parking management system. An authentication bypass vulnerability exists in Vehicle Parking Management System 1.0. The vulnerability can be exploited to bypass authentication via "Username: admin' && Password: Write Something"...
WordPress plugin Wordfence username bypass vulnerability
WordPress is a blogging platform of the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A username bypass vulnerability exists in the WordPress plugin Wordfence, which can be exploited by an attacker to obtain usernam...
CVE-2016-9849
An issue was discovered in phpMyAdmin. It is possible to bypass the AllowRoot restriction (`$cfg['Servers'][$i]['AllowRoot']`) and deny rules for username by using a null byte in the username. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...
WhatsApp Web Username Bypass Vulnerability
Exploit for tricks platform in category remote exploits. Title: Web WhatsApp Username Bypass; Date: 31.10.2016; Author: Glumi; Software Link: https://web.whatsapp.com/; Why this works: Web WhatsApp is filtering null bytes for all username inputs but this can be bypassed by using the "NOP"-character 0x9...
Telegram Web 0.5.5 Username Bypass
Exploit Title: Telegram Web Empty Username Bypass; Date: 18/10/2016; Author: Ashiyane Digital Security Team; Software Link: https://web.telegram.org; Version: Telegram Web 0.5.5; Tested on: Windows 7; Description: Telegram filters null bytes for username input but you can bypass this filter with "NOP"...
Smart PHP Poll - Auth Bypass Vulnerability
Exploit for php platform in category web applications. Exploit Title: Smart PHP Poll Auth Bypass Vulnerability; Google Dork: Copyright Smart PHP Poll. All Rights Reserved.; Exploit Author: Mr.tro0oqy from Yemen; Email: [email protected]; Download Script...
security flaw
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server...