12 matches found
CVE-2024-25286
...
CVE-2024-25284
CVE-2024-25284 concerns RedSys 3DSecure 2.0, specifically the 3DS Authorization Method. The vulnerability is a reflected Cross‑Site Scripting (XSS) in the threeDSMethod.jsp endpoint, caused by lack of sanitization of the threeDSMethodData parameter. This allows an attacker to inject arbitrary scr...
3DSecure 2.0 3DS Authorization Method Cross Site Scripting
Product: 3DSecure 2.0; Manufacturer: Redsys; Affected Versions: 3DSecure 2.0 3DS Authorization Method; Tested Versions: 3DSecure 2.0 3DS Authorization Method; Vulnerability Type: Cross-Site Scripting (XSS); Risk Level: Medium; Solution Status: Not yet fixed; Manufacturer Notification: 2024-01-17; Solution...
PT-2024-20861 · Unknown · 3Dsecure 2.0
Name of the Vulnerable Software and Affected Versions: 3DSecure 2.0 version 3DS Authorization Method. Description: A Cross-Site Request Forgery (CSRF) issue was identified in the Authorization Method of 3DSecure 2.0, allowing for potential exploitation via modified Origin and Referer HTTP headers...
Exploit for Incorrect Authorization in Vmware Spring_Security
CVE-2022-22978: Authorization Bypass in RegexRequestMatcher...
CVE-2017-7572
The checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a...
Debian Security Advisory DSA 2234-1 (zodb)
The remote host is missing an update to zodb announced via advisory DSA 2234-1. OpenVAS Vulnerability Test $Id: deb22341.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2234-1 zodb. Authors: Thomas Reinke. Copyright: Copyright (c) 2011 E-Soft Inc...
Debian DSA-2234-1 : zodb - several vulnerabilities
Several remote vulnerabilities have been discovered in python-zodb, a set of tools for using ZODB, that could lead to arbitrary code execution in the worst case. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2009-0668 The ZEO server doesn't restrict th...
Microsoft Windows NT 4.0 SP5 Terminal Server 4.0 - Pass the Hash with Modified SMB Client
Source: https://www.securityfocus.com/bid/233/info A modified SMB client can mount shares on an SMB host by passing the username and corresponding LanMan hash of an account that is authorized to access the...