New User, Welcome!     Login

Next Page >>

Authentication Bypass

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Manager

Multiple vulnerabilities exist in the Cisco TelePresence Manager.
This security advisory outlines the details of the following
vulnerabilities:

  * Simple Object Access Protocol (SOAP) Authentication Bypass
  * Java Remote Method Invocation (RMI) Command Injection
  * Cisco Discovery Protocol Remote Code Execution

Duplicate Issue Identification in Other Cisco TelePresence Advisories
+--------------------------------------------------------------------

WARNING - CORRECT: BlindBlog 1.3.1 Multiple Vulnerabilities (SQL Inj - Auth Bypass - LFI)

[+] Application: BlindBlog
[+] Version: 1.3.1
[+] Website: http://sourceforge.net/projects/cbblog/

[+] Bugs: [A] SQL Injection
         [B] Authentication Bypass
         [C] Local File Inclusion

[+] Exploitation: Remote
[+] Date: 03 Mar 2009

Wili-CMS 0.4.0 Multiple Vulnerabilities (Remote/Local File Inclusion - Authentication Bypass)

[+] Application: Wili-CMS
[+] Version: 0.4.0
[+] Website: http://wili-cms.sourceforge.net/

[+] Bugs: [A] Multiple Remote/Local File Inclusion
          [B] Authentication Bypass

[+] Exploitation: Remote
[+] Date: 06 Mar 2009

[+] Discovered by: Salvatore "drosophila" Fresta

BlindBlog 1.3.1 Multiple Vulnerabilities (SQL Inj - Auth Bypass - LFI)

[+] Application: BlindBlog
[+] Version: 1.3.1
[+] Website: http://sourceforge.net/projects/cbblog/

[+] Bugs: [A] SQL Injection
          [B] Authentication Bypass
          [C] Local File Inclusion

[+] Exploitation: Remote
[+] Date: 03 Mar 2009

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Unified Communications Manager Denial
                         of Service and Authentication Bypass
                         Vulnerabilities

Advisory ID: cisco-sa-20080625-cucm

Revision 1.0

Sandbox 2.0.3 Multiple Remote Vulnerabilities

III. ANALYSIS
_____________

Summary:

 A) Authentication Bypass
 B) Arbitrary File Upload
 C) Local File Inclusion
 D) SQL Injection

Dynamic Flash Forum 1.0 Beta Multiple Remote Vulnerabilities

[+] Application: Dynamic Flash Forum
[+] Version: 1.0 Beta
[+] Website: http://df2.sourceforge.net/

[+] Bugs: [A] Information Disclosure
          [B] Authentication Bypass
          [C] Multiple SQL Injection

[+] Exploitation: Remote
[+] Date: 09 Apr 2009

phpCollegeExchange 0.1.5c Multiple SQL Injection Vulnerabilities

III. ANALYSIS

Summary:

 A) Authentication Bypass
 B) Multiple SQL Injection

A) Authentication Bypass

Using a SQL Injection in the login process,  a  guest  can

[RT-SA-2011-005] Owl Intranet Engine: Authentication Bypass

Advisory: Owl Intranet Engine: Authentication Bypass

During a penetration test, RedTeam Pentesting discovered an
Authentication Bypass vulnerability in the Owl Intranet Engine, which
allows unauthenticated users administrative access to the affected
systems.


Details
=======

CelerBB 0.0.2 Multiple Vulnerabilities

This bug allows a guest to view reserved
information of any user.


- [C] Authentication Bypass

[-] Requisites: magic_quotes_gpc = off
[-] File affected: login.php

This bug allows a guest to bypass authentication.

BlogMan 0.45 Multiple Vulnerabilities

Application:       BlogMan
                          http://sourceforge.net/projects/blogman/
Version:             0.45
Bug:                   * Multiple SQL Injection
                          * Authentication Bypass
                          * Privilege Escalation
Exploitation:      Remote
Date:                 1 Mar 2009
Discovered by:  Salvatore "drosophila" Fresta
Author:              Salvatore "drosophila" Fresta

Creasito e-commerce content manager Authentication Bypass

[+] Application: creasito e-commerce content manager
[+] Version: 1.3.16
[+] Website: http://creasito.bloghosteria.com

[+] Bugs: [A] Authentication Bypass

[+] Exploitation: Remote
[+] Date: 20 Apr 2009

[+] Discovered by: Salvatore "drosophila" Fresta

JamRoom <= 3.3.8 Authentication Bypass

# GulfTech Security Research                July 28, 2008
##########################################################
# Vendor : Talldude Networks, LLC
# URL : http://www.jamroom.net/
# Version : Jamroom <= 3.3.8
# Risk : Authentication Bypass
##########################################################


Description:
Jamroom is a popular online social media cms used to host artist sites

CORELAN-10-008 - Multiple vulnerabilities found in evalmsi 2.1.03

[*] Product : evalsmsi
[*] Version : 2.1.03
[*] URL : http://sourceforge.net/projects/evalsmsi/
[*] Platform : PHP/MySQL
[*] Type of vulnerability : SQL Injection, Authentication Bypass,
                            Cross-Site Scripting
[*] Risk rating : High
[*] Issue fixed in version : 2.2.00
[*] Vulnerability discovered by : ekse
[*] Corelan Team is : corelanc0d3r, EdiStrosar, rick2600, mr_me, ekse, MarkoT,

Tiny Blogr 1.0.0 rc4 Authentication Bypass

[+] Application: Tiny Blogr
[+] Version: 1.0.0 rc4
[+] Website: http://tinyblogr.sourceforge.net

[+] Bugs: [A] Authentication Bypass

[+] Exploitation: Remote
[+] Date: 17 Apr 2009

[+] Discovered by: Salvatore "drosophila" Fresta

ezContents CMS Multiple Vulnerabilities

  - 'selecttheme.php'/'Theme'
  - 'showcontents.php'/'groupname' and 'subgroupname' and 'topgroupname'
  - 'showdetails.php'/'contentname'
  - 'userinfo.php'/'topgroupname'

+--> Authentication Bypass
Authentication Bypass in 'comments.php'. No check for login performed.


####################
- Exploits/PoCs:

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module

6500 Series ASA Services Module are affected by multiple
vulnerabilities as follows:

  * MSN Instant Messenger (IM) Inspection Denial of Service
    vulnerability
  * TACACS+ Authentication Bypass vulnerability
  * Four SunRPC Inspection Denial of Service vulnerabilities
  * Internet Locator Service (ILS) Inspection Denial of Service
    vulnerability

These vulnerabilities are independent; a release that is affected by

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances

Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive
Security Appliances and Cisco PIX Security Appliances. This security
advisory outlines the details of these vulnerabilities:

  * VPN Authentication Bypass when Account Override Feature is Used
    vulnerability

  * Crafted HTTP packet denial of service (DoS) vulnerability

  * Crafted TCP Packet DoS vulnerability

[RT-SA-2011-003] Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances

Advisory: Authentication Bypass in Configuration Import and Export of
          ZyXEL ZyWALL USG Appliances

Unauthenticated users with access to the management web interface of
certain ZyXEL ZyWALL USG appliances can download and upload
configuration files, that are applied automatically.


Details
=======

www.eVuln.com : Authentication Bypass by SQL Injection in Social Share

www.eVuln.com advisory:
Authentication Bypass by SQL Injection in Social Share
Summary: http://evuln.com/vulns/167/summary.html 
Details: http://evuln.com/vulns/167/description.html 

-----------Summary-----------
eVuln ID: EV0167
Software: Social Share
Vendor: n/a
Version: 2010-06-05

www.eVuln.com : "post" - Non-persistent XSS in slickMsg

http://evuln.com/vulns/161/exploit.html 
---------Solution----------
Not available
----------Credit-----------
Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/auth-bypass/ - recent Authentication Bypass vulns

AST-2008-003: Unauthenticated calls allowed from SIP channel driver

   |      Product       | Asterisk                                          |
   |--------------------+---------------------------------------------------|
   |      Summary       | Unauthenticated calls allowed from SIP channel    |
   |                    | driver                                            |
   |--------------------+---------------------------------------------------|
   | Nature of Advisory | Authentication Bypass                             |
   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Major                                             |
   |--------------------+---------------------------------------------------|

[eVuln.com] Cookie authentication bypass in Alguest

New eVuln Advisory:
Cookie authentication bypass in Alguest
Summary: http://evuln.com/vulns/152/summary.html 
Details: http://evuln.com/vulns/152/description.html 

-----------Summary-----------
eVuln ID: EV0152
Software: Alguest
Vendor: n/a
Version: 1.1c-patched

Authentication Bypass of Snom Phone Web Interface

#
# Product:   Snom VoIP/SIP Phones (Snom300, Snom320, Snom360, 
#            Snom370, Snom820)
# Vendor:    snom technology AG
# CVD ID:    CVE-2009-1048
# Subject:   Authentication Bypass of Snom Phone Web Interface
# Risk:      High
# Effect:    Remote
# Author:    Walter Sprenger
# Date:      August 13, 2009
#

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances

  * WebVPN Datagram Transport Layer Security (DTLS) Denial of Service
    Vulnerability
  * Crafted TCP Segment Denial of Service Vulnerability
  * Crafted Internet Key Exchange (IKE) Message Denial of Service
    Vulnerability
  * NT LAN Manager version 1 (NTLMv1) Authentication Bypass
    Vulnerability

These vulnerabilities are not interdependent; a release that is affected
by one vulnerability is not necessarily affected by the others.

IS-2010-005 - D-Link DAP-1160 Authentication Bypass

Security Advisory

IS-2010-005 - D-Link DAP-1160 Authentication Bypass



Advisory Information
--------------------
Published:
2010-06-29

MSL-2009-001 - Samsung Missing Provisioning Authentication

Vulnerability Details
---------------------
Class:
Authentication Bypass

Remote:
Yes

Local:

Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pandora FMS Authentication Bypass and Multiple Input Validation
Vulnerabilities

CVE IDs in this security advisory:

1) Authentication bypass - CVE-2010-4279
2) OS Command Injection - CVE-2010-4278

2WIRE Gateway Authentication Bypass & Password Reset

2WIRE GATEWAY AUTHENTICATION BYPASS & PASSWORD RESET
====================================================


   DESCRIPTION
-----------------
There is an authentication bypass vulnerability in page=CD35_SETUP_01
that allows you to set a new password even if the password was
previously set.

PR07-40: Authentication Bypass, Passwords Leakage and SNMP Injection on 3Com AP 8760

PR07-40: Authentication Bypass, Passwords Leakage and SNMP Injection on
3Com AP 8760

Vulnerability Found: 6th November 2007

Vendor Informed: 2nd May 2008

Date Public: 14th November 2008

Severity: Medium
Next Page>>

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!