Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login security project login security vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-0956
The telnet daemon (telnetd) in MIT krb5 prior to 1.6.1 allows remote malicious users to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.
Mit Kerberos 5
Debian Debian Linux 3.1
Debian Debian Linux 4.0
Canonical Ubuntu Linux 5.10
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 6.10
NA
CVE-2013-4567
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki prior to 1.19.9, 1.20.x prior to 1.20.8, and 1.21.x prior to 1.21.3 allows remote malicious users to conduct cross-site scripting (XSS) attacks via a \b (backspace) character in CSS.
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.20.7
Mediawiki Mediawiki 1.20.6
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.20
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.3
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.2
7.5
CVSSv3
CVE-2013-4572
The CentralNotice extension for MediaWiki prior to 1.19.9, 1.20.x prior to 1.20.8, and 1.21.x prior to 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote malicious users to authenticate as the created user.
Mediawiki Mediawiki
Fedoraproject Fedora 18
Fedoraproject Fedora 19
NA
CVE-2013-4568
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki prior to 1.19.9, 1.20.x prior to 1.20.8, and 1.21.x prior to 1.21.3 allows remote malicious users to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using va...
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.3
Mediawiki Mediawiki 1.20.6
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.20.7
Mediawiki Mediawiki 1.20
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.4
7.5
CVSSv3
CVE-2021-36369
An issue exists in Dropbear up to and including 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security mea...
Dropbear Ssh Project Dropbear Ssh
Debian Debian Linux 10.0
2 Github repositories
9.8
CVSSv3
CVE-2023-25561
DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service (JAAS) authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an maliciou...
Datahub Project Datahub
9.8
CVSSv3
CVE-2021-42169
The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter (username) from the login form is not protected correctly and there is no se...
Simple Payroll System With Dynamic Tax Bracket Project Simple Payroll System With Dynamic Tax Bracket 1.0
9.8
CVSSv3
CVE-2017-9433
Document Liberation Project libmwaw prior to 2017-04-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in lib/MsWrd1Parser.cxx.
Libmwaw Project Libmwaw
7.8
CVSSv3
CVE-2016-5684
An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vu...
Freeimage Project Freeimage 3.17.0
5.5
CVSSv3
CVE-2017-5978
The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote malicious users to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file.
Zziplib Project Zziplib 0.13.62
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »