47 matches found
Authentication Bypass
libcups.so is vulnerable to authentication bypass. The CUPS web interface uses an insecure function and seed to generate the session cookie, which results in a predictable token that can be guessed easily by a remote attacker to gain access to the application...
Cross site request forgery (csrf)
In csrf-magic before 1.0.4, if $GLOBALS'csrf''secret' is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used...
MySQL Enterprise Monitor < 2.3.20 Apache Struts Predictable Token XSRF
According to its self-reported version, the MySQL Enterprise Monitor running on the remote host may be affected by a cross-site request forgery vulnerability due to the token generator failing to adequately randomize the token values. A remote attacker can exploit this by extracting a token from ...
CVE-2014-7809
Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism...
CVE-2014-7809
Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism...
Cross site request forgery (csrf)
Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism...
CVE-2014-7809
Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism...