49 matches found
python-engineio vulnerable to Cross-Site Request Forgery (CSRF)
WebSocket cross-origin vulnerability Impact This is a Cross-Site Request Forgery CSRF vulnerability. It affects Socket.IO and Engine.IO web servers that authenticate clients using cookies. Patches python-engineio version 3.9.0 patches this vulnerability by adding server-side Origin header checks...
CVE-2016-3403
Multiple cross-site request forgery CSRF vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that 1 add, 2 modify, or 3 remove accounts by leveraging failure to use of a CSRF token and...
CVE-2016-3403
Zimbra Collaboration Server (Admin Console) vulnerable to multiple CSRF flaws in versions before 8.6.0 Patch 8. CSRF tokens and referer header checks are not enforced, enabling remote attackers to hijack administrator sessions and perform add/modify/remove account actions (bugs 100885/100899). Re...
CVE-2016-3403
Multiple cross-site request forgery CSRF vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that 1 add, 2 modify, or 3 remove accounts by leveraging failure to use of a CSRF token and...
DEBIAN-CVE-2017-7303
The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 because of missing a check in the findlink function for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash...
CGI RESCUE WebFORM allows unauthorized email transmission
Overview WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses. According to the vendor's information, FORM2MAIL also contains a similar vulnerability, an...
CGI RESCUE WebFORM allows unauthorized email transmission
Overview WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses. According to the vendor's information, FORM2MAIL also contains a similar vulnerability, an...
Mandrake Linux Security Advisory : mpg123 (MDKSA-2004:100)
A vulnerability in mpg123 was discovered by Davide Del Vecchio where certain malicious mpg3/2 files would cause mpg123 to fail header checks, which could in turn allow arbitrary code to be executed with the privileges of the user running mpg123 CVE-2004-0805. As well, an older vulnerability in...
Ip packet filtering with bridging on freebsd
If someone is doing packet filtering using ipfw to do packet filtering with a FreeBSD box configured to do bridging, it is relatively easy to make the box go "boom" as none of the standard header sanity checks are done prior to the filter routine being called check /sys/net/bridge.c It is a featu...