101 matches found
ZEIT Next.js 代码问题漏洞
ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. NextAuth.js is the authentication for Next.js. A code issue vulnerability exists in Next.js NextAuth.js versions prior to 3.29.5 and prior to 4.5.0 that stems from a lack of validati...
Horde Groupware Webmail Edition 5.2.22 XSS / Remote Code Execution Exploit
Webmail Edition version 5.2.22 suffers from remote code execution and cross site scripting vulnerabilities via the HordeTextFilter library. Exploit Title: Remote code execution XSS HordeTextFilter library Webmail Edition through 5.2.22 Author: Alex Birnberg Testing and Debugging: Ventsislav...
Common Resolutions to “Cannot Complete Your Request” Error when connecting through Citrix Gateway
Symptoms or Error The “Cannot Complete Your Request” error is displayed whenconnecting through Citrix Gateway. However, this is an error could occur when connecting to StoreFront Server directly or through Load Balancer based on different deployment scenarios. To narrow down through which...
Security update for minidlna (moderate)
openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2226-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes two vulnerabilities is now available...
Security update for minidlna (moderate)
openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2204-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes two vulnerabilities is now available...
Security update for minidlna (moderate)
openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2194-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available. Description: This...
Security update for minidlna (moderate)
openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2160-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Leap 15.2 An update that fixes two vulnerabilities is now available. Description: This...
CVE-2018-3897
An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the...
PT-2018-16260 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: A buffer overflow issue exists in the samsungWifiScan handler of video-core's HTTP server. The video-core process incorrectly extracts fields from a user-controlled JSON payload...
Session Fixation
github.com/ory/hydra is vulnerable to session fixation attacks. A malicious user can pass a consent uri missing a CSRF token to the user and log in afterwards as that user through a callback url...
Inflection: Malicious callback url can be set while creating application in identity
Researcher found that while creating any application in identity, you are required to provide callback url. If you provide a malicious callback url then javascript will stop you from submitting form. But their is no server side validation and we can use an application proxy to bypass the javascri...
How to Import NetScaler exported configuration: File-Introduction and Requirements?
With StoreFront 3.7, we introduced the ability to import an exported configuration from NetScaler Gateway. With the introduction of this feature, we enhance the capabilities previously available by allowing multiple vServers to be imported from a single configuration file. The Remote access...
For recent“Bo global eye OAuth vulnerability”analysis and preventive recommendations-vulnerability warning-the black bar safety net
! 5 According to Cnet reports, Nanyang Technological University, Singapore named Wang Jing PhD student, found that the OAuth and OpenID open source login tools the“covert redirect”vulnerabilityCovert Redirect to. First of all need to clear point is that the vulnerability is not present in the OAu...
For the recent Bosch global eye OAuth vulnerability analysis and preventive recommendations-vulnerability warning-the black bar safety net
According to CnetreportsSingapore Nanyang Technological University, a man named Wang Jing PhD student, found that the OAuth and OpenID open source login tools the“covert redirect”vulnerabilityCovert Redirect to. First of all need to clear point is that the vulnerability is not present in the OAut...
OAuth Administration screen is visible to anonymous users
If anonymous user access is enabled under "Global Permission", user can access to "OAuth Administration" page without the need to log-in. Here is the URL to the page: /plugins/servlet/oauth/view-consumer-info This page display Confluence administrators menu on the sidebar and other information su...
OAuth Administration screen is visible to anonymous users
If anonymous user access is enabled under "Global Permission", user can access to "OAuth Administration" page without the need to log-in. Here is the URL to the page: /plugins/servlet/oauth/view-consumer-info This page display Confluence administrators menu on the sidebar and other information su...
OAuth Administration screen is visible to anonymous users
If anonymous user access is enabled under "Global Permission", user can access to "OAuth Administration" page without the need to log-in. Here is the URL to the page: /plugins/servlet/oauth/view-consumer-info This page display Confluence administrators menu on the sidebar and other information su...
phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities
This host is installed with phpCAS and is prone to session hijacking and cross-site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbphpcassessionhijacknxssvuln.nasl 7823 2017-11-20 08:54:04Z cfischer $ phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities Authors: Madhuri...
CVE-2010-2796
Cross-site scripting XSS vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL...
Cross site scripting
Cross-site scripting XSS vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL...