Lucene search
K

101 matches found

CNNVD
CNNVD
added 2022/06/27 12:0 a.m.62 views

ZEIT Next.js 代码问题漏洞

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. NextAuth.js is the authentication for Next.js. A code issue vulnerability exists in Next.js NextAuth.js versions prior to 3.29.5 and prior to 4.5.0 that stems from a lack of validati...

7.5CVSS7.4AI score0.01571EPSS
Exploits0References5
0day.today
0day.today
added 2021/04/14 12:0 a.m.79 views

Horde Groupware Webmail Edition 5.2.22 XSS / Remote Code Execution Exploit

Webmail Edition version 5.2.22 suffers from remote code execution and cross site scripting vulnerabilities via the HordeTextFilter library. Exploit Title: Remote code execution XSS HordeTextFilter library Webmail Edition through 5.2.22 Author: Alex Birnberg Testing and Debugging: Ventsislav...

6.1CVSS0.04944EPSS
Exploits7
Citrix
Citrix
added 2021/01/07 12:0 a.m.9 views

Common Resolutions to “Cannot Complete Your Request” Error when connecting through Citrix Gateway

Symptoms or Error The “Cannot Complete Your Request” error is displayed whenconnecting through Citrix Gateway. However, this is an error could occur when connecting to StoreFront Server directly or through Load Balancer based on different deployment scenarios. To narrow down through which...

7.1AI score
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2020/12/10 12:0 a.m.44 views

Security update for minidlna (moderate)

openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2226-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes two vulnerabilities is now available...

9.8CVSS7.3AI score0.15193EPSS
Exploits4References1
OPENSUSE Linux
OPENSUSE Linux
added 2020/12/08 12:0 a.m.39 views

Security update for minidlna (moderate)

openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2204-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes two vulnerabilities is now available...

9.8CVSS7.3AI score0.15193EPSS
Exploits4References1
OPENSUSE Linux
OPENSUSE Linux
added 2020/12/07 12:0 a.m.51 views

Security update for minidlna (moderate)

openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2194-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available. Description: This...

9.8CVSS7.3AI score0.15193EPSS
Exploits4References1
OPENSUSE Linux
OPENSUSE Linux
added 2020/12/04 12:0 a.m.81 views

Security update for minidlna (moderate)

openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2160-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Leap 15.2 An update that fixes two vulnerabilities is now available. Description: This...

9.8CVSS7.3AI score0.15193EPSS
Exploits4References1
OSV
OSV
added 2018/09/10 3:29 p.m.4 views

CVE-2018-3897

An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the...

8.8CVSS6.1AI score0.01534EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2018/08/23 12:0 a.m.8 views

PT-2018-16260 · Samsung · Samsung Smartthings Hub

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: A buffer overflow issue exists in the samsungWifiScan handler of video-core's HTTP server. The video-core process incorrectly extracts fields from a user-controlled JSON payload...

9.9CVSS9.6AI score0.01534EPSS
Exploits2References3
Veracode
Veracode
added 2018/01/30 6:37 a.m.11 views

Session Fixation

github.com/ory/hydra is vulnerable to session fixation attacks. A malicious user can pass a consent uri missing a CSRF token to the user and log in afterwards as that user through a callback url...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2017/10/18 5:59 p.m.28 views

Inflection: Malicious callback url can be set while creating application in identity

Researcher found that while creating any application in identity, you are required to provide callback url. If you provide a malicious callback url then javascript will stop you from submitting form. But their is no server side validation and we can use an application proxy to bypass the javascri...

1AI score
Exploits0
Citrix
Citrix
added 2017/02/28 12:0 a.m.10 views

How to Import NetScaler exported configuration: File-Introduction and Requirements?

With StoreFront 3.7, we introduced the ability to import an exported configuration from NetScaler Gateway. With the introduction of this feature, we enhance the capabilities previously available by allowing multiple vServers to be imported from a single configuration file. The Remote access...

7.2AI score
Exploits0
myhack58
myhack58
added 2014/05/15 12:0 a.m.16 views

For recent“Bo global eye OAuth vulnerability”analysis and preventive recommendations-vulnerability warning-the black bar safety net

! 5 According to Cnet reports, Nanyang Technological University, Singapore named Wang Jing PhD student, found that the OAuth and OpenID open source login tools the“covert redirect”vulnerabilityCovert Redirect to. First of all need to clear point is that the vulnerability is not present in the OAu...

7.9AI score
Exploits0
myhack58
myhack58
added 2014/05/08 12:0 a.m.13 views

For the recent Bosch global eye OAuth vulnerability analysis and preventive recommendations-vulnerability warning-the black bar safety net

According to CnetreportsSingapore Nanyang Technological University, a man named Wang Jing PhD student, found that the OAuth and OpenID open source login tools the“covert redirect”vulnerabilityCovert Redirect to. First of all need to clear point is that the vulnerability is not present in the OAut...

7.2AI score
Exploits0
Atlassian
Atlassian
added 2013/09/16 1:47 p.m.31 views

OAuth Administration screen is visible to anonymous users

If anonymous user access is enabled under "Global Permission", user can access to "OAuth Administration" page without the need to log-in. Here is the URL to the page: /plugins/servlet/oauth/view-consumer-info This page display Confluence administrators menu on the sidebar and other information su...

2.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/16 1:47 p.m.20 views

OAuth Administration screen is visible to anonymous users

If anonymous user access is enabled under "Global Permission", user can access to "OAuth Administration" page without the need to log-in. Here is the URL to the page: /plugins/servlet/oauth/view-consumer-info This page display Confluence administrators menu on the sidebar and other information su...

2.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/16 1:47 p.m.23 views

OAuth Administration screen is visible to anonymous users

If anonymous user access is enabled under "Global Permission", user can access to "OAuth Administration" page without the need to log-in. Here is the URL to the page: /plugins/servlet/oauth/view-consumer-info This page display Confluence administrators menu on the sidebar and other information su...

2.5AI score
Exploits0
OpenVAS
OpenVAS
added 2010/08/19 12:0 a.m.22 views

phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities

This host is installed with phpCAS and is prone to session hijacking and cross-site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbphpcassessionhijacknxssvuln.nasl 7823 2017-11-20 08:54:04Z cfischer $ phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities Authors: Madhuri...

4CVSS0.3AI score0.02517EPSS
Exploits0References4
NVD
NVD
added 2010/08/05 6:17 p.m.11 views

CVE-2010-2796

Cross-site scripting XSS vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL...

2.6CVSS5.4AI score0.02517EPSS
Exploits0References19
Prion
Prion
added 2010/08/05 6:17 p.m.10 views

Cross site scripting

Cross-site scripting XSS vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL...

2.6CVSS5.9AI score0.02517EPSS
Exploits0References19Affected Software1
Rows per page
Query Builder