106 matches found
Philips e-Alert Information Disclosure Vulnerability (CNVD-2019-28283)
Philips e-Alert is an electronic alert solution for MRI systems from Philips in the Netherlands, which is used to monitor and alert on MRI system performance. A security vulnerability exists in Philips e-Alert R2.1 and prior versions, which stems from the program not properly limiting the size of...
Philips e-Alert Information Disclosure Vulnerability (CNVD-2019-28284)
Philips e-Alert is an electronic alert solution for MRI systems from Philips in the Netherlands, which is used to monitor and alert on MRI system performance. A session fixation vulnerability exists in Philips e-Alert R2.1 and prior versions. An attacker could exploit the vulnerability to steal...
CVE-2018-10232
Cross-site request forgery CSRF vulnerability in TOPdesk before 8.05.017 June 2018 version and before 5.7.SR9 allows remote attackers to hijack the authentication of authenticated users for requests that can obtain sensitive information via unspecified vectors...
CVE-2018-8025
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an...
CVE-2018-8025
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an...
CVE-2018-8025
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an...
Authorization Bypass
hbase-thrift is vulnerable to authorization bypasses. The library contains a race-condition where authenticated sessions could get mixed up and cause users to be authenticated as another user. This only affects the optional Thrift 1 API server...
The vulnerability of LiteSpeed web application server’s software lies in the lack of protection for operational data, allowing attackers to obtain confidential information.
The vulnerability of LiteSpeed web application server software lies in the lack of protection for service data. This allows attackers to access content from random memory segments such as random parts of HTTP requests sent to the server earlier. Exploiting this vulnerability can enable remote...
CVE-2017-13761
The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses...
CVE-2017-8056
WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity XXE, in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new...
Kirby CMS 2.1.0 - Authentication Bypass
============================================= - Release date: 14.09.2015 - Discovered by: Dawid Golunski - Severity: Medium/High ============================================= I. VULNERABILITY ------------------------- Kirby CMS = 2.1.0 Authentication Bypass via Path Traversal II. BACKGROUND...
AST-2015-001: File descriptor leak when incompatible codecs are offered
Asterisk Project Security Advisory - AST-2015-001 Product Asterisk Summary File descriptor leak when incompatible codecs are offered Nature of Advisory Resource exhaustion Susceptibility Remote Authenticated Sessions Severity Major Exploits Known No Reported On 6 January, 2015 Reported By Y Ateya...
AST-2014-018: AMI permission escalation through DB dialplan function
Asterisk Project Security Advisory - AST-2014-018 Product Asterisk Summary AMI permission escalation through DB dialplan function Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known No Reported On November 17, 2014 Reported By Gareth...
AST-2014-004: Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling
Asterisk Project Security Advisory - AST-2014-004 Product Asterisk Summary Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling Nature of Advisory Denial of Service Susceptibility Remote Authenticated Sessions Severity Moderate Exploits Known No Reported On January 14th, 2014...
AST-2013-007: Asterisk Manager User Dialplan Permission Escalation
Asterisk Project Security Advisory - AST-2013-007 Product Asterisk Summary Asterisk Manager User Dialplan Permission Escalation Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known None Reported On November 25, 2013 Reported By Matt...
AST-2012-009: Skinny Channel Driver Remote Crash Vulnerability
Asterisk Project Security Advisory - AST-2012-009 Product Asterisk Summary Skinny Channel Driver Remote Crash Vulnerability Nature of Advisory Denial of Service Susceptibility Remote authenticated sessions Severity Minor Exploits Known No Reported On May 30, 2012 Reported By Christoph Hebeisen,...
AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability
Asterisk Project Security Advisory - AST-2012-008 Product Asterisk Summary Skinny Channel Driver Remote Crash Vulnerability Nature of Advisory Denial of Service Susceptibility Remote authenticated sessions Severity Minor Exploits Known No Reported On May 22, 2012 Reported By Christoph Hebeisen...
AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver
Asterisk Project Security Advisory - AST-2012-006 Product Asterisk Summary Remote Crash Vulnerability in SIP Channel Driver Nature of Advisory Remote Crash Susceptibility Remote Authenticated Sessions Severity Moderate Exploits Known No Reported On April 16, 2012 Reported By Thomas Arimont Posted...
AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver
Asterisk Project Security Advisory - AST-2012-005 Product Asterisk Summary Heap Buffer Overflow in Skinny Channel Driver Nature of Advisory Exploitable Heap Buffer Overflow Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known No Reported On March 26, 2012 Reported By Russell...
AST-2011-012: Remote crash vulnerability in SIP channel driver
Asterisk Project Security Advisory - AST-2011-012 Product Asterisk Summary Remote crash vulnerability in SIP channel driver Nature of Advisory Remote crash Susceptibility Remote authenticated sessions Severity Critical Exploits Known No Reported On October 4, 2011 Reported By Ehsan Foroughi Poste...