232 matches found
PT-2024-13716 · Hongdian · H8951-4G-Esp +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The authentication cookies are generated using an algorithm based on the username, a hardcoded secret, and the up-time, and can be guessed in a reasonab...
Info-stealers can steal cookies for permanent access to your Google account
Hackers have found a way to gain unauthorized access to Google accounts, bypassing any multi-factor authentication (MFA) the user may have set up. To do this they steal authentication cookies and then extend their lifespan. It doesn't even help if the owner of the account changes their password...
Microsoft Dynamics 365 security vulnerability
Microsoft Dynamics 365 is a suite of ERP business solutions for multinational organizations from Microsoft USA. The product includes financial management, production management and business intelligence management. A cross-site scripting vulnerability exists in Microsoft Dynamics 365 on-premises,...
F5 BIG-IP Configuration utility cross-site scripting vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in F5 BIG-IP, which can be exploited by an attacker to steal a victim's cookie-bas...
WordPress Plugin photo-gallery cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Photo Gallery, which can be exploited by an attacker to execute script in a victim's web...
GHSA-GV7G-X59X-WF8F SvelteKit framework has Insufficient CSRF protection for CORS requests
Summary: The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. The protection is...
SvelteKit framework has Insufficient CSRF protection for CORS requests
Summary: The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. The protection is...
Cross site request forgery (csrf)
The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. The protection is...
CVE-2023-29008 SvelteKit framework has Insufficient CSRF protection for CORS requests
The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. The protection is...
PT-2023-22082 · Sveltekit · Sveltekit
Name of the Vulnerable Software and Affected Versions: SvelteKit versions prior to 1.15.2 Description: The SvelteKit framework provides out-of-the-box cross-site request forgery (CSRF) protection. However, this protection can be bypassed in versions prior to 1.15.2 by specifying an upper-cased...
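The SvelteKit entries above all describe the same flaw: a CSRF check that decides whether a request is a browser form submission by comparing its Content-Type against a fixed list, and does so case-sensitively, so an upper-cased media type slips past the origin check. The block below is an added illustration for this page, not SvelteKit's own code: it models that check in a vulnerable and a hardened form over plain request objects (`method` plus a lower-cased `headers` map), which is an assumption made for the demonstration.

```javascript
// Added example, not SvelteKit's code: a minimal model of an origin-based
// CSRF check for browser form submissions, in the vulnerable shape (exact
// match on the Content-Type) and the hardened shape (media type normalised
// to lower case). Requests are plain objects with `method` and a `headers`
// map keyed in lower case; that shape is an assumption for the illustration.

// Content types a browser can send cross-site without a CORS preflight. A
// check that keys off them must treat the media type case-insensitively,
// because HTTP media types are case-insensitive and the browser's own
// safelist check lower-cases the value before comparing.
const FORM_CONTENT_TYPES = [
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
];
const STATE_CHANGING = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);

// "multipart/form-data; boundary=xyz" -> "multipart/form-data"
function mediaType(contentType) {
  return (contentType || '').split(';')[0].trim();
}

// A missing Origin header is treated as cross-origin as well.
function isCrossOrigin(req, siteOrigin) {
  return req.headers.origin !== siteOrigin;
}

// Vulnerable: `includes` is an exact, case-sensitive match, so
// "MULTIPART/FORM-DATA" is not recognised as a form submission and the
// cross-origin request is let through to the handler.
function csrfForbiddenVulnerable(req, siteOrigin) {
  const type = mediaType(req.headers['content-type']);
  const isForm = FORM_CONTENT_TYPES.includes(type);
  return isForm && STATE_CHANGING.has(req.method) && isCrossOrigin(req, siteOrigin);
}

// Hardened: normalise the media type before comparing.
function csrfForbiddenFixed(req, siteOrigin) {
  const type = mediaType(req.headers['content-type']).toLowerCase();
  const isForm = FORM_CONTENT_TYPES.includes(type);
  return isForm && STATE_CHANGING.has(req.method) && isCrossOrigin(req, siteOrigin);
}

// Constructed requests: an honest cross-site form post, the same post with
// an upper-cased Content-Type, and a same-origin post.
const SITE = 'https://app.example';
const crossSiteForm = {
  method: 'POST',
  headers: { origin: 'https://evil.example', 'content-type': 'multipart/form-data; boundary=x' },
};
const crossSiteUpperCase = {
  method: 'POST',
  headers: { origin: 'https://evil.example', 'content-type': 'MULTIPART/FORM-DATA; boundary=x' },
};
const sameOriginForm = {
  method: 'POST',
  headers: { origin: SITE, 'content-type': 'multipart/form-data; boundary=x' },
};
```

From an attacker's page the bypass is a plain `fetch(target, { method: 'POST', mode: 'no-cors', credentials: 'include', headers: { 'Content-Type': 'TEXT/PLAIN' }, body })`: the browser lower-cases the media type when deciding the header is safelisted, sends the request with the victim's cookies and no preflight, while the server's exact-match comparison never sees a "form" request and skips the origin check.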
K10065173: TMM TLS virtual server vulnerability CVE-2019-6593
Security Advisory Description A BIG-IP virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, despite the attacker...
WordPress plugin Ezoic cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Ezoic 2.8.8 and earlier versions, which stems from a lack of effective filtering and...
Password Storage Application cross-site scripting vulnerability
Password Storage Application is a password storage application. A cross-site scripting vulnerability exists in the Carlo Montero Password Storage Application, which stems from a lack of effective filtering and escaping of user-supplied data on the settings page, and can be exploited by an attacke...
Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain...
YTStealer targets YouTube content creators
Researchers are reporting the discovery of malware targeting YouTube content creators. The aim is to compromise accounts and then take over the victims' channels completely. The malware, dubbed YTStealer, has one game plan: grabbing authentication cookies. A site gives you an authentication cookie...
New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators
Cybersecurity researchers have documented a new information-stealing malware that targets YouTube content creators by plundering their authentication cookies. Dubbed "YTStealer" by Intezer, the malicious tool is believed to be sold as a service on the dark web, with it distributed using fa...
DEBIAN-CVE-2022-24758
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by...
PT-2022-16860 · Unknown +3 · Jupyter Notebook +3
Name of the Vulnerable Software and Affected Versions: Jupyter notebook versions prior to 6.4.9 Description: The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a...
DEBIAN-CVE-2022-24757
The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are...
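Both Jupyter entries (the notebook frontend and the server backend) describe the same failure mode: a 5xx handler that dumps the raw request headers, including the auth cookie, into the server log. The block below is an added illustration for this page, not Jupyter's code: it shows the redaction a 5xx handler should apply before logging, plus a simple scan for lines in existing logs that already leaked a cookie or Authorization credential. The header names, log format and sample lines are constructed for the demonstration.

```javascript
// Added example, not Jupyter's code: keep credential-bearing headers out of
// error logs, and scan existing log lines for ones that already leaked.
// The header names, log format and sample lines are constructed for this
// illustration.

// Headers that carry a credential or session token and must never be logged.
const SENSITIVE_HEADERS = new Set([
  'cookie',
  'set-cookie',
  'authorization',
  'proxy-authorization',
  'x-xsrftoken',
]);

// Return a copy of the header map with sensitive values replaced.
function redactHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name] = SENSITIVE_HEADERS.has(name.toLowerCase()) ? '[REDACTED]' : value;
  }
  return out;
}

// What a 5xx handler should write: status, method, path and redacted headers only.
function formatErrorLine(req, status) {
  return `${status} ${req.method} ${req.path} headers=${JSON.stringify(redactHeaders(req.headers))}`;
}

// Detection over logs that already exist: flag lines still carrying a raw
// cookie or an Authorization credential. A "[REDACTED]" value is not flagged.
const LEAK_PATTERNS = [
  /\bcookie["']?\s*[:=]\s*["']?(?!\[REDACTED\])[^"'\s]+/i,
  /\bauthorization["']?\s*[:=]\s*["']?(?:bearer|basic|token)\s+[^"'\s]+/i,
];

function findLeakedCredentials(lines) {
  return lines.filter((line) => LEAK_PATTERNS.some((p) => p.test(line)));
}

// Constructed sample log lines (not real Jupyter output): two leak a
// credential, the third was written through redaction.
const SAMPLE_LOG = [
  '[E 10:14:22 ServerApp] 500 GET /api/contents headers={"Host":"localhost:8888","Cookie":"username-localhost-8888=2|1:0|10:1648634000|23:username-localhost-8888|44:ZmFrZQ"}',
  '[E 10:15:03 ServerApp] 503 POST /api/kernels headers={"Host":"localhost:8888","Authorization":"token 9f8e7d6c5b4a"}',
  '[E 10:15:40 ServerApp] 500 GET /api/sessions headers={"Host":"localhost:8888","Cookie":"[REDACTED]"}',
];

// Constructed request as a 5xx handler would see it.
const sampleRequest = {
  method: 'GET',
  path: '/api/contents',
  headers: {
    Host: 'localhost:8888',
    Cookie: 'username-localhost-8888=2|1:0|10:1648634000|44:ZmFrZQ',
    Accept: 'application/json',
  },
};
```

Redacting at the logging call is the durable fix; the scan is for the incident-response side, since a token that reached a log file that is shipped to a central collector has already left the host and should be rotated.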