171 matches found
Limitation of app specific password scope can be bypassed (NC-SA-2017-009)
Improper session handling allowed an application specific password without permission to the files access to the users file...
Nextcloud: Limitation of app specific password scope can be bypassed (NC-SA-2017-009)
Limitation of app specific password scope can be bypassed NC-SA-2017-009 Risk level: Low CVSS v3 Base Score: 3 AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N CWE: Improper Authorization CWE-285 Description Improper session handling allowed an application specific password without permission to the files...
Jenkins 1.626 Multiple Vulnerabilities (Feb 2017)
Jenkins is prone to multiple vulnerabilities. This VT has been deprecated and replaced by the VTs SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of the Conscrypt component in the Android operating system is related to the incorrect definition of session reutilization. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
New Relic: Improper Session Management
When a User successfully login to account there are new 3 links which he/she can visit but when a user Logout from one link ex:- HTTP://insights.newrelic.com/accounts/11 user successfully logout message will appear & logout. Here user will logout from 2 links ex :-...
Netgear 1.0.0.24 Bypass / Improper Session Management
Hi, Can you assign CVE id to this flaw? Details ================ Product Vendor: Netgear Netgear GPL: http://kb.netgear.com/app/answers/detail/aid/2649//netgear-open-source-code-for-programmers-gpl http://www.gnu.org/licenses/gpl.txt Bug Name: Broken Authentication & Improper Session Management i...
Multiple Vulnerabilities in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Component Type: TYPO3 CMS Vulnerability Types: Cross-Site Scripting, Insecure Unserialize, Improper...
ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability
ESA-2014-003.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability EMC Identifier: ESA-2014-003 CVE Identifier: CVE-2014-0624 Severity Rating: CVSS v2 Base Score: 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P Affected Products: RSA Da...
ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability
ESA-2014-003.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability EMC Identifier: ESA-2014-003 CVE Identifier: CVE-2014-0624 Severity Rating: CVSS v2 Base Score: 7.4 AV:A/AC:M/Au:S/C:C/I:C/A:C Affected Products: RSA Da...
PHPsFTPd - Admin password leak
Author: Stefan Lochbihler Date: 11. Juli 2005 Affected Software: PHPsFTPd Software Version: 0.2 - 0.4 Software URL: http://phpsftpd.sourceforge.net/ Attack: Admin password leak about PHPsFTPd: PHPsFTPd is a web based administration and configuration interface for the SLimFTPd ftp serverIt can be...
Multiple Vulnerabilties In PHPLinks
phpLinks is an open source free PHP script. phpLinks allows you to run a very powerful link farm or search engine. phpLinks has multilevel site categorization, infinite threaded search capabilities and more. phpLinks is very simple to setup There lies a fault in the include/add.php script that...