15 matches found
EUVD-2012-3925
Malware in sbrugna...
SinoTrack IOT PC Platform Security Vulnerability
SinoTrack IOT PC Platform is a location-based system from SinoTrack, a Chinese company. A security vulnerability exists in SinoTrack IOT PC Platform that stems from a username restriction to a device identifier, which could lead malicious actors to enumerate potential targets...
MediaWiki Information Disclosure Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. An information disclosure vulnerability exists in MediaWiki before 1.35.12, versions 1.36.x through 1.39.5...
CVE-2023-42456 sudo-rs Session File Relative Path Traversal vulnerability
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
PT-2022-27660 · Opencaching Deutschland · Oc-Server3
Name of the Vulnerable Software and Affected Versions: Opencaching Deutschland oc-server3 affected versions not specified Description: A problematic issue has been found in the Login Page component, affecting the processing of the file htdocs/templates2/ocstyle/login.tpl. The manipulation of the...
CVE-2020-13321
A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for html tags to be added...
Open-Xchange: Username restriction bypass with SSL client authentication
Summary: Dovecot supports enforcing the login user name to be the one encoded in the SSL client certificate, thus restricting the username. Using SSL certificates that do not even contain the relevant field bypasses this restriction, maybe leading to full login bypass under some luckily rare...
Updated phpmyadmin packages fix security vulnerability
In phpMyAdmin before 4.4.15.9, when the user does not specify a blowfishsecret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where this value is created using a weak algorithm. This could allow an attacker to determine the user's...
Gratipay: Username Restriction is not applied for reserved folders
Hi, This issue is the same as 128121 reported by a5tronaut. He reported some of the usernames for restriction and you applied the check only for those usernames. I think username restriction should be applied for all the usernames that are used for a directory or a link in gratipay. a5tronaut mentioned t...
Gratipay: Usernames ending in .json are not restricted
Description: Username in .json is not restricted. Disallowed .json is allowed in username restriction URL : https://gratipay.com/robots.txt User-agent: Disallow: /.json Disallow: /on/ POC URL: https://gratipay.com/karthic.json/ and you will end up at my profile page...
Gratipay: Username .. (double dot) should be restricted or handled carefully
If I change my username to "test" then as in normal case it will send a GET request to /test/settings but if I change my username to ".." double dot within inverted commas then it will send GET request to /settings because /../settings will change to /settings and hence final GET request will be ...
CVE-2012-3981
Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt...
CVE-2012-3981
Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt...
MySQL and SQL field truncated vulnerability-vulnerability warning-the black bar safety net
Many current Web developers have certainly not noticed the two issues the author mentions. The first problem is that MySQL by default has a configuration parameter maxpacketsize, which is used to limit the MySQL client and the MySQL server end of the data...
Character not allowed in user name
A user has signed up with the user name "m&m". Then I tried to modify this user. Because the username is passed as a URL parameter FooServlet?name=m&m : GET or POST method, the servlet container cuts the name and tries to retrieve the username named "m" !!! The only way is to use a database client, change...