Lucene search
K

171 matches found

Nextcloud
Nextcloud
added 2017/05/08 12:0 a.m.31 views

Limitation of app specific password scope can be bypassed (NC-SA-2017-009)

Improper session handling allowed an application specific password without permission to the files access to the users file...

4.3CVSS2.5AI score0.00985EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2016/12/17 4:38 p.m.90 views

Nextcloud: Limitation of app specific password scope can be bypassed (NC-SA-2017-009)

Limitation of app specific password scope can be bypassed NC-SA-2017-009 Risk level: Low CVSS v3 Base Score: 3 AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N CWE: Improper Authorization CWE-285 Description Improper session handling allowed an application specific password without permission to the files...

4.3CVSS0.7AI score0.00985EPSS
Exploits0
OpenVAS
OpenVAS
added 2016/08/31 12:0 a.m.12 views

Jenkins 1.626 Multiple Vulnerabilities (Feb 2017)

Jenkins is prone to multiple vulnerabilities. This VT has been deprecated and replaced by the VTs SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

7.2AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2016/08/23 12:0 a.m.7 views

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability of the Conscrypt component in the Android operating system is related to the incorrect definition of session reutilization. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.1AI score0.02136EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2016/05/16 6:33 p.m.33 views

New Relic: Improper Session Management

When a User successfully login to account there are new 3 links which he/she can visit but when a user Logout from one link ex:- HTTP://insights.newrelic.com/accounts/11 user successfully logout message will appear & logout. Here user will logout from 2 links ex :-...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2016/01/11 12:0 a.m.40 views

Netgear 1.0.0.24 Bypass / Improper Session Management

Hi, Can you assign CVE id to this flaw? Details ================ Product Vendor: Netgear Netgear GPL: http://kb.netgear.com/app/answers/detail/aid/2649//netgear-open-source-code-for-programmers-gpl http://www.gnu.org/licenses/gpl.txt Bug Name: Broken Authentication & Improper Session Management i...

0.3AI score
Exploits0
Typo3
Typo3
added 2014/05/22 12:0 a.m.179 views

Multiple Vulnerabilities in TYPO3 CMS

It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Component Type: TYPO3 CMS Vulnerability Types: Cross-Site Scripting, Insecure Unserialize, Improper...

6CVSS6AI score0.04465EPSS
Exploits0Affected Software1
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.72 views

ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability

ESA-2014-003.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability EMC Identifier: ESA-2014-003 CVE Identifier: CVE-2014-0624 Severity Rating: CVSS v2 Base Score: 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P Affected Products: RSA Da...

2.7CVSS0.4AI score0.00506EPSS
Exploits1
securityvulns
securityvulns
added 2014/04/01 12:0 a.m.49 views

ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability

ESA-2014-003.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability EMC Identifier: ESA-2014-003 CVE Identifier: CVE-2014-0624 Severity Rating: CVSS v2 Base Score: 7.4 AV:A/AC:M/Au:S/C:C/I:C/A:C Affected Products: RSA Da...

2.7CVSS0.4AI score0.00506EPSS
Exploits1
securityvulns
securityvulns
added 2005/07/14 12:0 a.m.42 views

PHPsFTPd - Admin password leak

Author: Stefan Lochbihler Date: 11. Juli 2005 Affected Software: PHPsFTPd Software Version: 0.2 - 0.4 Software URL: http://phpsftpd.sourceforge.net/ Attack: Admin password leak about PHPsFTPd: PHPsFTPd is a web based administration and configuration interface for the SLimFTPd ftp serverIt can be...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2003/01/21 12:0 a.m.34 views

Multiple Vulnerabilties In PHPLinks

phpLinks is an open source free PHP script. phpLinks allows you to run a very powerful link farm or search engine. phpLinks has multilevel site categorization, infinite threaded search capabilities and more. phpLinks is very simple to setup There lies a fault in the include/add.php script that...

6.3AI score
Exploits0
Rows per page
Query Builder