Lucene search
+L

49 matches found

Github Security Blog
Github Security Blog
added 2019/07/30 8:47 p.m.44 views

python-engineio vulnerable to Cross-Site Request Forgery (CSRF)

WebSocket cross-origin vulnerability Impact This is a Cross-Site Request Forgery CSRF vulnerability. It affects Socket.IO and Engine.IO web servers that authenticate clients using cookies. Patches python-engineio version 3.9.0 patches this vulnerability by adding server-side Origin header checks...

8.8CVSS2.1AI score0.00828EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2017/05/17 2:29 p.m.21 views

CVE-2016-3403

Multiple cross-site request forgery CSRF vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that 1 add, 2 modify, or 3 remove accounts by leveraging failure to use of a CSRF token and...

8.8CVSS9.2AI score0.01361EPSS
Exploits2References8
CVE
CVE
added 2017/05/17 2:0 p.m.59 views

CVE-2016-3403

Zimbra Collaboration Server (Admin Console) vulnerable to multiple CSRF flaws in versions before 8.6.0 Patch 8. CSRF tokens and referer header checks are not enforced, enabling remote attackers to hijack administrator sessions and perform add/modify/remove account actions (bugs 100885/100899). Re...

8.8CVSS9.1AI score0.01361EPSS
Exploits2References8Affected Software1
Cvelist
Cvelist
added 2017/05/17 2:0 p.m.25 views

CVE-2016-3403

Multiple cross-site request forgery CSRF vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that 1 add, 2 modify, or 3 remove accounts by leveraging failure to use of a CSRF token and...

9.3AI score0.01361EPSS
Exploits2References8
OSV
OSV
added 2017/03/29 3:59 p.m.3 views

DEBIAN-CVE-2017-7303

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 because of missing a check in the findlink function for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash...

7.5CVSS9.1AI score0.02217EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.2 views

CGI RESCUE WebFORM allows unauthorized email transmission

Overview WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses. According to the vendor's information, FORM2MAIL also contains a similar vulnerability, an...

5CVSS6.8AI score0.01491EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.3 views

CGI RESCUE WebFORM allows unauthorized email transmission

Overview WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses. According to the vendor's information, FORM2MAIL also contains a similar vulnerability, an...

7.5CVSS6.8AI score0.01709EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2004/09/23 12:0 a.m.31 views

Mandrake Linux Security Advisory : mpg123 (MDKSA-2004:100)

A vulnerability in mpg123 was discovered by Davide Del Vecchio where certain malicious mpg3/2 files would cause mpg123 to fail header checks, which could in turn allow arbitrary code to be executed with the privileges of the user running mpg123 CVE-2004-0805. As well, an older vulnerability in...

7.5CVSS6.4AI score0.14165EPSS
Exploits1References2
securityvulns
securityvulns
added 2000/08/02 12:0 a.m.31 views

Ip packet filtering with bridging on freebsd

If someone is doing packet filtering using ipfw to do packet filtering with a FreeBSD box configured to do bridging, it is relatively easy to make the box go "boom" as none of the standard header sanity checks are done prior to the filter routine being called check /sys/net/bridge.c It is a featu...

0.6AI score
Exploits0
Rows per page
Query Builder