13 matches found
EUVD-2020-5581
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-13321
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed, allowing HTML tags to be added. CVE-2020-133...
CVE-2020-13321
A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed, allowing HTML tags to be added...
GitLab < 12.10.13 (CVE-2020-13321)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed, allowing HTML tags to be added. CVE-2020-13321 Note that Nessus has not tested for...
CVE-2023-25403
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. For any user who logged in within 24 hours, a token can be forged with their username to bypass authentication...
CVE-2020-13321
A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed, allowing HTML tags to be added...
Format string
A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed, allowing HTML tags to be added...
CVE-2020-13321
CVE-2020-13321 affects GitLab versions prior to 13.1 where username format restrictions can be bypassed, allowing HTML tags to be added. This is caused by insufficient validation of usernames, per multiple connected sources. Impact is partial confidentiality/integrity exposure as per CVSS metrics...
This One Time on a Pen Test: Outwitting the Vexing VPN
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie. For more insights, check out our 2020 Under the Hoodie report. Just...
"Length cannot be less than zero" error during the Update installation
Challenge: The Update for Veeam ONE fails during the installation with the error message "Length cannot be less than zero". Cause: User Principal Name or UPN (user@domain) is currently unsupported with Veeam ONE. User Logon Name or ULN (domain\user) is the only supported username format for the product...
Crob FTP Server 2.50.4 - Remote Username Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7776/info A vulnerability has been reported for Crob FTP Server. The problem occurs due to invalid format specifiers used when displaying a user-supplied username. As a result, it may be possible for an attacker to embed...
Backup to CIFS Share fails with "Failed to call RPC function 'FcIsExists': The user name or password is incorrect."
Error Change in Veeam Backup & Replication 12.x Starting in Veeam Backup & Replication 12, the error message that will be displayed when the credentials to access the SMB share are invalid was changed. The underlying error is still the same and is recorded in the log file:...
vsftpd security and bug fix update
2.0.1-6 - add option maxloginfails that kicks the session after few login fails - Resolves: 197141 - fix bad handling of unique files - Resolves: 250727 - increase maximum length of allowed username - Resolves: 236326 - fix create/lock race condition when more clients are uploading to a file -...