Lucene search
+L

151 matches found

CVE
CVE
added 2022/05/26 3:20 p.m.62 views

CVE-2022-24414

CVE-2022-24414 affects Dell EMC CloudLink 7.1.3 and earlier. The authentication token is exposed in GET request parameters, which can be logged by reverse proxies and servers, potentially allowing attackers to access the CloudLink server. The underlying issue is insecure token usage in URLs. Expe...

7.6CVSS6.4AI score0.00591EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/05/26 3:20 p.m.20 views

CVE-2022-24414

Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attac...

7.6CVSS7.6AI score0.00591EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/05/11 12:0 a.m.4 views

PT-2022-13879 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.6 through 14.8.5 GitLab versions 14.9 through 14.9.3 GitLab versions 14.10 through 14.10.0 Description: An issue has been discovered in GitLab where the platform was not correctly authenticating a user who had a certain...

4.3CVSS4AI score0.00866EPSS
Exploits0References9
GithubExploit
GithubExploit
added 2022/05/09 11:46 a.m.404 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2022-1388 POC for CVE-2022-1388 affecting multiple F5 prod...

9.8CVSS10AI score0.99956EPSS
Exploits63
ATTACKERKB
ATTACKERKB
added 2022/03/16 12:0 a.m.7 views

CVE-2022-24414

Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attac...

7.6CVSS6.6AI score0.00591EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/23 2:37 p.m.22 views

Security Bulletin: IBM i2 Analyze and i2 Analyst's Notebook Premium has session handling vulnerability (CVE-2021-20431)

Summary i2 Analyze is subject to an auth token expiration vulnerability. Vulnerability Details CVEID: CVE-2021-20431 DESCRIPTION: IBM i2 Analyst's Notebook Premium does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. CVSS Base...

6.5CVSS1AI score0.00935EPSS
Exploits0Affected Software1
OSV
OSV
added 2021/07/02 7:15 p.m.22 views

CVE-2021-34807

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any U...

6.1CVSS6.6AI score0.00971EPSS
Exploits0References4
Prion
Prion
added 2021/07/02 7:15 p.m.26 views

Open redirect

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any U...

5.8CVSS6.1AI score0.00971EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/07/02 6:54 p.m.45 views

CVE-2021-34807

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any U...

6.6AI score0.00971EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/05/13 12:0 a.m.5 views

PT-2021-20870 · Unknown · Noobaa-Operator

Name of the Vulnerable Software and Affected Versions: noobaa-operator versions prior to 5.7.0 Description: A flaw was found in noobaa-operator where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could u...

8.8CVSS6.4AI score0.00887EPSS
Exploits0References4
Snyk
Snyk
added 2021/01/10 1:0 p.m.2 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF. The /login and /change endpoints can return the authenticated user's authentication token in response to a GET request. Since GET requests aren't protected with a CSRF token, this could lead to a malicio...

7.5CVSS6.8AI score0.00917EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2020/03/28 12:0 a.m.270 views

DLINK DWL-2600 Authenticated Remote Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DLINK DWL-2600 Authenticated Remote Command Injection', 'Description' = %q Some DLINK Access Points are vulnerable to an authenticated OS command...

7.2CVSS0.1AI score0.96635EPSS
Exploits7
Hacker One
Hacker One
added 2020/02/12 11:8 a.m.33 views

Nextcloud: nextcloud-snap CircleCI project has vulnerable configuration which can lead to exposing secrets

Summary: CircleCI allows projects to configure whether builds will run as a result of a pull request from a fork, and also whether these fork PRs have access to the secrets stored in the parent repo's CircleCI settings. When both settings are enabled, and the repo associated with the project allo...

6.7AI score
Exploits0
0day.today
0day.today
added 2018/10/12 12:0 a.m.51 views

CAMALEON CMS 2.4 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: CAMALEON CMS 2.4 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: http://camaleon.tuzitio.com/ Software Link : https://github.com/owen2345/camaleon-cms Software : CAMALEON CMS Version : 2.4 Vulernability...

6.3AI score0.01049EPSS
Exploits2
Hacker One
Hacker One
added 2018/08/14 3:56 a.m.139 views

Chaturbate: Stats Token doesn't expire after deactivating account

The hacker found that the stats token, that a user can use to access their own account information, does not expire when an account is deactivated. This was resolved so the view could not be used after deactivation. Application has a feature Authorize your 3rd party stats that provides users a wa...

3.1AI score
Exploits0
Kitploit
Kitploit
added 2018/02/24 9:12 p.m.133 views

meg+ - Automated Reconnaissance Wrapper

This wrapper will automate numerous tasks and help you during your reconnaissance process. The script finds common issues, low hanging fruit, and assists you when approaching a target. meg+ also allows you to scan all your in-scope targets on HackerOne in one go — it simply retrieves them using a...

7.3AI score
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2017/12/14 12:0 a.m.7 views

The vulnerability of the BIGIPAuthCookie service in the iControl REST interface of the BIG-IP product line allows a attacker to gain access to the interface.

The vulnerability of the BIGIPAuthCookie service in the iControl REST interface of the BIG-IP product line is related to an incorrect session expiration time. Exploiting this vulnerability allows a malicious actor to gain access to the iControl REST interface by converting outdated cookie files...

7.5CVSS5.5AI score0.01053EPSS
Exploits0References2Affected Software10
Veracode
Veracode
added 2017/11/22 12:40 a.m.22 views

Authentication Bypass

swauth is vulnerable to authentication bypass. Attackers can use a request token from the log file, to use in the X-Auth-Token header of a new request. The tokens are present in the logs because they are being saved unhashed as a part of a GET URI...

9.8CVSS9.3AI score0.08354EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2017/11/21 1:29 p.m.9 views

PYSEC-2017-84

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving unhashed tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allow...

9.8CVSS7.1AI score0.08354EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2017/11/21 1:29 p.m.21 views

Authentication flaw

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving unhashed tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allow...

7.5CVSS9.5AI score0.08354EPSS
Exploits0References5Affected Software3
Rows per page
Query Builder