132 matches found
Microsoft Windows WCF/WIF SAML Token CVE-2019-1006 Authentication Bypass Vulnerability
Description Microsoft Windows is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. This may lead to further attacks. Technologies Affected Microsoft .NET Framework 2.0 SP2 Microsoft .NET Framewo...
GHSA-QPVX-GPQM-G98J Critical severity vulnerability that affects Auth0-WCF-Service-JWT
Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application...
CVE-2019-7644
Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application...
Code injection
Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application...
CVE-2019-7644
Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application...
CVE-2019-7644
The CVE-2019-7644 entry concerns Auth0-WCF-Service-JWT prior to 1.0.4, where the service leaks the expected JWT signature in an error message when signature validation fails. This enables an attacker to forge arbitrary JWT tokens that the vulnerable application will accept, effectively bypassing ...
. NET advanced code audit of the first six classes DataContractSerializer deserialization vulnerability-vulnerability warning-the black bar safety net
DataContractSerializer class is used for serialization and de-serialization in Windows Communication Foundation WCF message to send the data for the CLR data type is serialized into an XML stream, which is located in the namespace System. Runtime. Serialization, and inherits from the System...
. NET advanced code audit of the seven classes NetDataContractSerializer deserializing vulnerability-vulnerability warning-the black bar safety net
NetDataContractSerializer and DataContractSerializer for serialization and de-serialization in Windows Communication Foundation WCF message to send the data. Between the two there is an important difference: the NetDataContractSerializer includes CLR through the CLR type to add additional...
Information Disclosure
Auth0-WCF-Service-JWT is vulnerable to information disclosure. The JWT signature is revealed in an error message when the JWT signature validation fails, allowing attackers to abuse the erroneous behavior to obtain and forge valid signatures for arbitrary tokens and bypass authentication and...
Code injection
Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM...
CVE-2018-8790
Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM...
CVE-2018-8790
Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM...
CVE-2018-8790
CVE-2018-8790 affects Check Point ZoneAlarm 15.3.064.17729 and earlier, where a WCF service is exposed that enables a local, low-privileged user to execute arbitrary code with SYSTEM privileges. The description in the CVE confirms the vulnerability vector and impact as SYSTEM remote code executio...
IDenticard PremiSys Hardcoded Backdoor Account (CVE-2019-3906)
Hardcoded Backdoor Account exist in the IDenticard PremiSys . The vulnerability is due to service contains hardcoded credentials. Successful exploitation can allow admin access to the service via the Premisys WCF Service endpoint...
Hardcoded credentials
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...
CVE-2019-3906
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...
CVE-2019-3906
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...
CVE-2019-3906
CVE-2019-3906 affects IDenticard PremiSys (Identicard) Identicard 3.1.190. The root cause is use of hard-coded credentials in the PremiSys WCF service (port 9003), enabling an authenticated remote attacker to access/modify the badge system database with admin privileges. Mitigation per ICS-CERT U...
CVE-2019-3906
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...
Description of Preview of Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012 (KB 4467086)
Description of Preview of Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012 KB 4467086 Applies to: Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6.1, Microsoft .NET Framework 4.6.2, Microsoft .NET Framework 4.7, Microsoft .NET Framework...