Lucene search
+L

132 matches found

symantec
symantec
added 2019/07/09 12:0 a.m.261 views

Microsoft Windows WCF/WIF SAML Token CVE-2019-1006 Authentication Bypass Vulnerability

Description Microsoft Windows is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. This may lead to further attacks. Technologies Affected Microsoft .NET Framework 2.0 SP2 Microsoft .NET Framewo...

1.1AI score0.06024EPSS
Exploits0Affected Software6
osv
osv
added 2019/04/18 2:28 p.m.22 views

GHSA-QPVX-GPQM-G98J Critical severity vulnerability that affects Auth0-WCF-Service-JWT

Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application...

9.8CVSS9.4AI score0.01657EPSS
Exploits0References3
nvd
nvd
added 2019/04/11 8:29 p.m.18 views

CVE-2019-7644

Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application...

9.8CVSS9.4AI score0.01657EPSS
Exploits0References1
prion
prion
added 2019/04/11 8:29 p.m.16 views

Code injection

Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application...

7.5CVSS9.4AI score0.01657EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2019/04/11 7:44 p.m.30 views

CVE-2019-7644

Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application...

9.5AI score0.01657EPSS
Exploits0References1
cve
cve
added 2019/04/11 7:44 p.m.78 views

CVE-2019-7644

The CVE-2019-7644 entry concerns Auth0-WCF-Service-JWT prior to 1.0.4, where the service leaks the expected JWT signature in an error message when signature validation fails. This enables an attacker to forge arbitrary JWT tokens that the vulnerable application will accept, effectively bypassing ...

9.8CVSS9.4AI score0.01657EPSS
Exploits0References1Affected Software1
myhack58
myhack58
added 2019/04/11 12:0 a.m.421 views

. NET advanced code audit of the first six classes DataContractSerializer deserialization vulnerability-vulnerability warning-the black bar safety net

DataContractSerializer class is used for serialization and de-serialization in Windows Communication Foundation WCF message to send the data for the CLR data type is serialized into an XML stream, which is located in the namespace System. Runtime. Serialization, and inherits from the System...

0.7AI score
Exploits0
myhack58
myhack58
added 2019/04/11 12:0 a.m.78 views

. NET advanced code audit of the seven classes NetDataContractSerializer deserializing vulnerability-vulnerability warning-the black bar safety net

NetDataContractSerializer and DataContractSerializer for serialization and de-serialization in Windows Communication Foundation WCF message to send the data. Between the two there is an important difference: the NetDataContractSerializer includes CLR through the CLR type to add additional...

0.3AI score
Exploits0
veracode
veracode
added 2019/03/05 7:53 a.m.20 views

Information Disclosure

Auth0-WCF-Service-JWT is vulnerable to information disclosure. The JWT signature is revealed in an error message when the JWT signature validation fails, allowing attackers to abuse the erroneous behavior to obtain and forge valid signatures for arbitrary tokens and bypass authentication and...

9.8CVSS9.1AI score0.01657EPSS
Exploits0References2Affected Software1
prion
prion
added 2019/03/01 4:29 p.m.16 views

Code injection

Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM...

7.2CVSS7.8AI score0.00394EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2019/03/01 4:29 p.m.18 views

CVE-2018-8790

Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM...

7.8CVSS7.8AI score0.00394EPSS
Exploits0References4
cvelist
cvelist
added 2019/03/01 4:0 p.m.18 views

CVE-2018-8790

Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM...

7.8AI score0.00394EPSS
Exploits0References4
cve
cve
added 2019/03/01 4:0 p.m.55 views

CVE-2018-8790

CVE-2018-8790 affects Check Point ZoneAlarm 15.3.064.17729 and earlier, where a WCF service is exposed that enables a local, low-privileged user to execute arbitrary code with SYSTEM privileges. The description in the CVE confirms the vulnerability vector and impact as SYSTEM remote code executio...

7.8CVSS7.7AI score0.00394EPSS
Exploits0References4Affected Software1
checkpoint_advisories
checkpoint_advisories
added 2019/01/22 12:0 a.m.40 views

IDenticard PremiSys Hardcoded Backdoor Account (CVE-2019-3906)

Hardcoded Backdoor Account exist in the IDenticard PremiSys . The vulnerability is due to service contains hardcoded credentials. Successful exploitation can allow admin access to the service via the Premisys WCF Service endpoint...

9CVSS4AI score0.0289EPSS
Exploits0
prion
prion
added 2019/01/18 6:29 p.m.12 views

Hardcoded credentials

Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...

9CVSS8.6AI score0.0289EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2019/01/18 6:29 p.m.22 views

CVE-2019-3906

Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...

9CVSS8.7AI score0.0289EPSS
Exploits0References2
osv
osv
added 2019/01/18 6:29 p.m.4 views

CVE-2019-3906

Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...

8.8CVSS7.4AI score0.0289EPSS
Exploits0References2
cve
cve
added 2019/01/18 6:0 p.m.50 views

CVE-2019-3906

CVE-2019-3906 affects IDenticard PremiSys (Identicard) Identicard 3.1.190. The root cause is use of hard-coded credentials in the PremiSys WCF service (port 9003), enabling an authenticated remote attacker to access/modify the badge system database with admin privileges. Mitigation per ICS-CERT U...

9CVSS8.6AI score0.0289EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2019/01/18 6:0 p.m.19 views

CVE-2019-3906

Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...

8.6AI score0.0289EPSS
Exploits0References2
mskb
mskb
added 2018/12/01 12:0 a.m.14 views

Description of Preview of Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012 (KB 4467086)

Description of Preview of Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012 KB 4467086 Applies to: Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6.1, Microsoft .NET Framework 4.6.2, Microsoft .NET Framework 4.7, Microsoft .NET Framework...

6AI score
Exploits0
Rows per page
Query Builder