Category Archives: Advisories

USN-6947-1: Kerberos vulnerabilities

Read Time:21 Second

It was discovered that Kerberos incorrectly handled GSS message tokens
where an unwrapped token could appear to be truncated. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2024-37370)

It was discovered that Kerberos incorrectly handled GSS message tokens
when sent a token with invalid length fields. An attacker could possibly
use this issue to cause a denial of service. (CVE-2024-37371)

Read More

KL-001-2024-010: Journyx Unauthenticated XML External Entities Injection

Read Time:20 Second

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-010: Journyx Unauthenticated XML External Entities Injection

Title: Journyx Unauthenticated XML External Entities Injection
Advisory ID: KL-001-2024-010
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt

1. Vulnerability Details

     Affected Vendor: Journyx
     Affected Product: Journyx (jtime)
     Affected Version: 11.5.4
     Platform: GNU/Linux…

Read More

KL-001-2024-009: Journyx Reflected Cross Site Scripting

Read Time:21 Second

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-009: Journyx Reflected Cross Site Scripting

Title: Journyx Reflected Cross Site Scripting
Advisory ID: KL-001-2024-009
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt

1. Vulnerability Details

     Affected Vendor: Journyx
     Affected Product: Journyx (jtime)
     Affected Version: 11.5.4
     Platform: GNU/Linux
     CWE Classification: CWE-81:…

Read More

KL-001-2024-008: Journyx Authenticated Remote Code Execution

Read Time:20 Second

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-008: Journyx Authenticated Remote Code Execution

Title: Journyx Authenticated Remote Code Execution
Advisory ID: KL-001-2024-008
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-008.txt

1. Vulnerability Details

     Affected Vendor: Journyx
     Affected Product: Journyx (jtime)
     Affected Version: 11.5.4
     Platform: GNU/Linux
     CWE…

Read More

KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce

Read Time:20 Second

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce

Title: Journyx Unauthenticated Password Reset Bruteforce
Advisory ID: KL-001-2024-007
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt

1. Vulnerability Details

     Affected Vendor: Journyx
     Affected Product: Journyx (jtime)
     Affected Version: 11.5.4
     Platform: GNU/Linux
     CWE…

Read More