459 matches found

CNVD
added 2021/03/03 12:0 a.m., 3 views

File Containment Vulnerability in EaseUS Web Authentication System

EaseUS Web Authentication System is a user management system built on PHP and MySQL. A file inclusion vulnerability exists in EaseUS Web Authentication System. An attacker can exploit this vulnerability to gain server privileges...

AI score: 7.2
Exploits: 0

OSV
added 2021/02/26 2:15 a.m., 3 views

UBUNTU-CVE-2021-23972

One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached...

CVSS: 8.8, AI score: 7.3, EPSS: 0.01013
Exploits: 0, References: 6

CNNVD
added 2020/12/29 12:0 a.m., 8 views

Authorization Issue Vulnerability in Multiple Netgear Products

The NETGEAR DGN2200v1 is an N300 wireless ADSL2+ modem router. An HTTPd authentication vulnerability exists in versions prior to NETGEAR DGN2200v1 v1.0.0.60. No detailed vulnerability details are provided at this time...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00659
Exploits: 0, References: 2

RedHat Linux
added 2020/06/15 12:55 p.m., 1 view

chromium-browser: Use after free in WebAuthentication

Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

CVSS: 9.6, AI score: 7.4, EPSS: 0.01682
Exploits: 0, References: 5

The Hacker News
added 2020/06/15 11:15 a.m., 3 views

WebAuthn Passwordless Authentication Now Available for Atlassian Products

Atlassian solutions are widely used in the software development industry. Many teams practicing agile software development rely on these applications to manage their projects. Issue-tracking application Jira, Git repository BitBucket, continuous integration and deployment server Bamboo, and team...

AI score: 5.8
Exploits: 0

ArchLinux
added 2020/06/06 12:0 a.m., 41 views

[ASA-202006-3] chromium: multiple issues

Arch Linux Security Advisory ASA-202006-3
Severity: High
Date: 2020-06-06
CVE-ID: CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 CVE-2020-6496
Package: chromium
Type: multiple issues
Remote: Yes
Link: https://security.archlinux.org/AVG-1178
Summary...

CVSS: 9.6, AI score: 0.9, EPSS: 0.01682
Exploits: 0, References: 10

CNVD
added 2020/06/04 12:0 a.m., 0 views

Google Chrome WebAuthentication Resource Management Error Vulnerability

Google Chrome is a web browser from Google, Inc. WebAuthentication is one of the web authentication components. A resource management error vulnerability exists in WebAuthentication in Google Chrome versions prior to 83.0.4103.97. A remote attacker can exploit this vulnerability to cause a...

CVSS: 9.6, AI score: 9.1, EPSS: 0.01682
Exploits: 0, References: 1

OSV
added 2020/06/03 11:15 p.m., 1 view

UBUNTU-CVE-2020-6493

Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

CVSS: 9.6, AI score: 7.3, EPSS: 0.01682
Exploits: 0, References: 4

CVE
added 2020/05/04 9:25 a.m., 1021 views

CVE-2020-1631

CVE-2020-1631 is a path traversal/LFI vulnerability in the HTTP/HTTPS J-Web service of Junos OS. An unauthenticated attacker can exploit HTTP(S) to perform local file inclusion, path traversal, or possibly inject commands into httpd.log, read files with world-readable permissions (notably configu...

CVSS: 9.8, AI score: 9.7, EPSS: 0.04725
In wild, Exploits: 0, References: 2, Affected Software: 1

OSV
added 2020/04/30 9:15 p.m., 6 views

CVE-2020-5893

In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection...

CVSS: 3.7, AI score: 5.8, EPSS: 0.00561
Exploits: 0, References: 1

ATTACKERKB
added 2020/04/27 12:0 a.m., 19 views

CVE-2020-1631

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerability...

CVSS: 9.8, AI score: 9.6, EPSS: 0.04725
In wild, Exploits: 0, References: 2

CNVD
added 2020/04/09 12:0 a.m., 4 views

Argo License Issue Vulnerability (CNVD-2020-27455)

Argo is an open source container native workflow engine. Argo suffers from an authorization problem vulnerability that stems from the use of immutable authentication tokens in the web interface authentication system. An attacker could exploit this vulnerability to gain unauthorized access to...

CVSS: 7.5, AI score: 7.2, EPSS: 0.01712
Exploits: 1, References: 1

Hacker One
added 2020/03/16 6:31 a.m., 31 views

X (Formerly Twitter): Ability to bruteforce mopub account’s password due to lack of rate limitation protection using {ip rotation techniques}

Summary: I tried to guess on my account. I sent out nearly 1,000 requests, and I was virtually banned on request about 120. But when I changed my IP and tried logging in, I was logged into the account without any additional checks. Description: Your web authentication endpoint,...

AI score: 7.1
Exploits: 0

CNVD
added 2020/03/12 12:0 a.m., 4 views

WAGO PFC100 and PFC200 Information Disclosure Vulnerability

The WAGO PFC 200 and WAGO PFC 100 are both programmable logic controllers (PLCs) from WAGO Germany. A security vulnerability exists in the Web-Based Management authentication feature in the WAGO PFC200 versions 03.00.3912 and 03.01.0713 and the WAGO PFC100 version 03.00.3912. The vulnerability can ...

CVSS: 7.5, AI score: 7, EPSS: 0.02199
Exploits: 1, References: 1

NVD
added 2020/02/25 4:15 p.m., 32 views

CVE-2019-5165

An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attack...

CVSS: 8, AI score: 7.4, EPSS: 0.02233
Exploits: 1, References: 1

Prion
added 2020/02/25 4:15 p.m., 14 views

Authentication flaw

An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attack...

CVSS: 6.5, AI score: 7, EPSS: 0.02233
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2020/02/25 3:49 p.m., 32 views

CVE-2019-5165

An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attack...

CVSS: 8, AI score: 7, EPSS: 0.02233
Exploits: 1, References: 1

CVE
added 2020/02/25 3:49 p.m., 85 views

CVE-2019-5165

CVE-2019-5165 affects the Moxa AWK-3131A (firmware 1.13). Authentication bypass is caused by hostname processing that lets an attacker send authenticated SNMP requests to trigger a web-auth bypass, effectively treating remote traffic as local. Talos reports an 8.0 CVSSv3 (CR: C/H, PR: H, UI: N, S...

CVSS: 8, AI score: 6.9, EPSS: 0.02233
Exploits: 1, References: 1, Affected Software: 1

ThreatPost
added 2020/01/22 1:1 p.m., 96 views

New Muhstik Botnet Attacks Target Tomato Routers

A new variant of the Muhstik botnet has appeared, this time with scanner technology that for the first time can brute-force web authentication to attack routers using Tomato open-source firmware, researchers have found. Researchers at Palo Alto Networks’ Unit 42 discovered the new variant...

AI score: 0.5
Exploits: 0, References: 8

NVD
added 2019/12/27 5:15 p.m., 30 views

CVE-2013-4859

INSTEON Hub 2242-222 lacks Web and API authentication...

CVSS: 9.3, AI score: 8.2, EPSS: 0.06973
Exploits: 6, References: 2