Genua GenuGate High Resistance Firewall versions prior to 10.1 p4, 9.6 p7, and 9.0 Z p19 suffer from an authentication bypass vulnerability.
0161acaf18b16e7aa3d543af4bf41a1aOnline Voting System version 1.0 suffers from an authorization bypass vulnerability that allows for the password change of other users.
16768c5f888788b48538184a138bb0bbCASAP Automated Enrollment System version 1.0 suffers from an authentication bypass vulnerability.
535ea6fc08b41bb2412140d2c69c1c19Inteno IOPSYS version 3.16.4 suffers from a newline injection issue with samba share options that allows an attacker root access to the filesystem.
4dd764fc81b64e4c4edde1c782c708ffThis Metasploit module exploits an authentication bypass in Netsia SEBA+ versions 0.16.1 and below to add a root user.
48e1d8f9d10632c1de0461c5d272f23dCoturn version 4.5.1.x suffers from a loopback access control bypass vulnerability.
253cda007888131792b88ab2a5964ea2Dovecot versions 2.2.26 through 2.3.11.3 suffer from a bypass issue. When imap hibernation is active, an attacker can cause Dovecot to discover file system directory structure and access other users' emails using a specially crafted command. The attacker must have valid credentials to access the mail server.
5f6ec291becfdbef0390d40207572b2bMagic Home Pro version 1.5.1 suffers from an authentication bypass vulnerability.
443c1499ee75c5e874d1fb3b78099e20Red Hat Security Advisory 2020-5487-01 - The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. Issues addressed include a bypass vulnerability.
fc415d96d2794550073159993905fd0dRed Hat Security Advisory 2020-5453-01 - The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. Issues addressed include a bypass vulnerability.
b4a93cbe7feddaa610fd869f5a2f9e43Red Hat Security Advisory 2020-5423-01 - The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. Issues addressed include a bypass vulnerability.
d926c7696d9a762d6499f87ef0ae8e38The OpenAsset Digital Asset Management web application allowed for spoofing of IP addresses by using X-Forwarded-For header. By default, the web application would allow all traffic in for 127.0.0.1, in order to prevent users from accidentally blocking themselves. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
b1d09f4404b1268792fe1602be620242Proof of concept code that demonstrates a full CSP bypass in Chromium 83.
5f28bc1718fd589618d504b2b06e5d99Intelbras Router RF 301K version 1.1.2 suffers from an authentication bypass vulnerability.
7f66e81bed10e301accbd0125edcf58aBigBlueButton versions 2.2.29 and below suffer from an e-mail validation bypass vulnerability.
e5cbcb0cd6ca27bcdf0920717ef88a9cThe TP-Link TL-WA855RE V5_200415 suffers from a flow where an unauthenticated attacker can reset the device and then set a new administrator password.
f79efa750b058c193c7a2434bcaf03bdThis Metasploit module performs an authentication brute forcing attack against the panel in Bludit version 3.9.2.
466a1ffa63c9bdf248aa584d522e3934Microsoft Windows suffers from a local spooler bypass vulnerability.
3f3c10cd2d2b0c404a73cddec7d03575Genexis Platinum-4410 version P4410-V2-1.28 suffers from missing access control and cross site request forgery vulnerabilities.
19dd7cfa841cbf52a780424e364979a9The CAPTCHA function for iDS6 DSSPro Digital Signage System version 6.2 is prone to a security bypass vulnerability that occurs in the CAPTCHA authentication routine. By requesting the autoLoginVerifyCode object an attacker can receive a JSON message code and successfully bypass the CAPTCHA-based authentication challenge and perform brute-force attacks.
63ad9696454afc1b19e579a677c06b40Red Hat Security Advisory 2020-4436-01 - The gnome-software packages contain an application that makes it easy to add, remove, and update software in the GNOME desktop. The appstream-data package provides the distribution specific AppStream metadata required for the GNOME and KDE software centers. The fwupd packages provide a service that allows session software to update device firmware. Issues addressed include a bypass vulnerability.
db3a100b9d8cf91e055f1e39976e80f2Monitorr version 1.7.6m suffers from an authorization bypass vulnerability.
cff648ad561711a93b6dd2c39a72cee7Sentrifugo version 3.2 suffers from a restriction bypass vulnerability that allows for a remote shell upload.
981cdb0177e2271690c25d011e5b38c6Red Hat Security Advisory 2020-4304-01 - RHACM 2.0.4 images Red Hat Advanced Cluster Management provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Issues addressed include a bypass vulnerability.
b0ce11d71265978499e0048749ba5e2cBludit versions 3.9.2 and below bruteforce mitigation bypass exploit. Please visit the related homepage for deep dive details on usage.
e7c839c9101282f68b61aaf90a274f8f
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed