386 matches found
CVE-2020-3681
Authenticated and encrypted payload MMEs can be forged and remotely sent to any HPAV2 system using a jailbreak key recoverable from code...
Server side request forgery (ssrf)
SAP NetWeaver AS JAVA IIOP service SERVERCORE, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA IIOP service CORE-TOOLS, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually use...
Crypt::Perl Data Forgery Issue Vulnerability
Perl is a general-purpose, interpreted, dynamic, cross-platform programming language from the Perl community. Crypt::Perl is one of the cryptographic modules. A data forgery vulnerability exists in Crypt::Perl::ECDSA in versions of Crypt::Perl prior to 0.32, which stems from a program...
Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers IOS XE Data Forgery Issue Vulnerability
Cisco IOS XE is an operating system developed by the U.S. company Cisco for its network equipment. A data forgery vulnerability exists in Cisco IOS XE IPsec VPN in Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers, which arises from the...
Cisco Webex Business Suite Data Forgery Issue Vulnerability
Cisco Webex Business Suite is a set of video conferencing solutions from the U.S. company Cisco. A data forgery vulnerability exists in Cisco Webex Business Suite versions prior to 39.1.0, which stems from the program failing to properly validate the 'host' field in the message header. An...
Google Chrome Developer Tools Data Forgery Issue Vulnerability
Google Chrome is a web browser from Google, and Developer Tools is one of the developer tools components. A data forgery vulnerability exists in Google Chrome Developer Tools. The vulnerability can be exploited to execute arbitrary code via specially crafted HTML pages...
WordPress Code Snippets Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin Code Snippets. An attacker can exploit the...
Cross site request forgery (csrf)
Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to add, modify and delete users & groups via a cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default...
Mozilla Firefox ESR < 24.8.1 RSA Signature Forgery in NSS
Binary data 701238.prm...
ownCloud 10.3.0 stable - Cross-Site Request Forgery Vulnerability
Exploit for linux platform in category web applications Exploit Title: ownCloud 10.3.0 stable - Cross-Site Request Forgery Exploit Author: Ozer Goker Vendor Homepage: https://owncloud.org Software Link: https://owncloud.org/download/ Version: 10.3 CVE: N/A Introduction Your personal cloud...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. The Cybersecurity an...
Cross-site Request Forgery (CSRF)
phpMyAdmin is vulnerable to cross-site request forgery (CSRF). The attack is possible when the attacker sends a fake hyperlink containing the request, which executes on behalf of the user and, acting as a phpMyAdmin user, deletes any server in the Setup page...
PT-2019-5216 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.2.4. Description: The issue is related to a Server Side Request Forgery (SSRF) vulnerability. This occurs because URL validation does not consider the interpretation of a name as a series of hex characters...
WordPress Category Specific RSS feed Subscription plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Category Specific RSS feed Subscription is an RSS feed plugin used in it. A cross-site request forgery vulnerability exists in WordPres...
Inateck Technology WP1001 Data Forgery Issue Vulnerability
The Inateck Technology WP1001 is a wireless presentation remote control from Inateck Technology, USA. A data forgery vulnerability exists in the Inateck Technology WP1001 v1.3C. The vulnerability arises from a networked system or product that does not adequately validate the origin or...
DEBIAN-CVE-2018-16152
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge...
CloudBees Jenkins Black Duck Hub Plugin Denial of Service Vulnerability
CloudBees Jenkins is a Java-based continuous integration tool from the U.S. company CloudBees. It is mainly used to monitor continuous software release and testing projects and to run some scheduled tasks. Black Duck Hub Plugin is used in one...
DEBIAN-CVE-2018-0733
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security...
Datto Backup Agent Forgery Vulnerability
Datto Backup Agent is a set of data backup agent software from Datto Inc. in the United States. A forgery vulnerability exists in Datto Backup Agent version 1.0.6.0 and earlier. An attacker can exploit this vulnerability to spoof the Datto Backup Appliance and send requests to the agent...
IBM Maximo Asset Management Forgery Vulnerability
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A forgery...