Lucene search

1619 matches found

Prion
added 2018/03/19 6:29 p.m. | 25 views

Improper access control

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be...

CVSS 6.5 | AI score 8.7 | EPSS 0.0099
Exploits: 0 | References: 1 | Affected Software: 3

OSV
added 2018/03/19 6:29 p.m. | 24 views

CVE-2018-1195

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be...

CVSS 8.8 | AI score 8.9 | EPSS 0.0099
Exploits: 0 | References: 1

Cvelist
added 2018/03/19 6:0 p.m. | 26 views

CVE-2018-1195

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be...

AI score 8.8 | EPSS 0.0099
Exploits: 0 | References: 1

OSV
added 2018/02/17 7:29 a.m. | 4 views

CVE-2018-5983

SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request...

CVSS 9.8 | AI score 5.8 | EPSS 0.02703
Exploits: 5 | References: 1

Hacker One
added 2018/02/10 7:34 p.m. | 26 views

Semrush: [oauth token leak] at oauth.semrush.com

Domain, site, application --- oauth.semrush.com Steps to reproduce --- 1 Create following html at attacker.com/postmessage.html function listenerevent alertJSON.stringifyevent.data; var dest =...

AI score 6.2
Exploits: 0

Exploit DB
added 2018/01/28 12:0 a.m. | 61 views

Sony Playstation 3 (PS3) 4.82 - 'Jailbreak' (ROP)

EDB Note http://ps3xploit.com/help/dumper.html EDB Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44820.zip Dumper Help Warning: Due to the lack of proper checks after exiting the ROP chain, it is possible in some cases to obtain a success message despit...

AI score 7.4
Exploits: 0

Citrix
added 2017/12/08 12:0 a.m. | 6 views

Controlling Citrix Workspace app Refresh Time

Note:- This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company's Help Desk/IT support team. Citrix Workspace app would periodically refresh the resources from the server. By default, periodic refresh happens every 60 minutes after th...

AI score 7
Exploits: 0

Veracode
added 2017/10/27 2:26 a.m. | 32 views

Reusable Refresh Tokens

Keycloak services has reusable refresh tokens. If an attacker using a pre-compromised system creates a refresh token pair, this token can be used indefinitely regardless of permission revocation...

CVSS 7.2 | AI score 6.9 | EPSS 0.01887
Exploits: 0 | References: 6 | Affected Software: 2

OSV
added 2017/10/26 5:29 p.m. | 3 views

CVE-2017-12160

It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself...

CVSS 7.2 | AI score 5.8 | EPSS 0.01887
Exploits: 0 | References: 4

OSV
added 2017/10/26 1:29 p.m. | 2 views

CVE-2017-7335

A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" prese...

CVSS 5.4 | AI score 5.9 | EPSS 0.00538
Exploits: 0 | References: 2

RedHat Linux
added 2017/10/17 7:53 p.m. | 3 views

keycloak: resource privilege extension via access token in oauth

It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself...

CVSS 7.2 | AI score 5.8 | EPSS 0.01887
Exploits: 0 | References: 4

RedHat Linux
added 2017/10/17 7:42 p.m. | 5 views

keycloak: resource privilege extension via access token in oauth

It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself...

CVSS 7.2 | AI score 5.8 | EPSS 0.01887
Exploits: 0 | References: 4

Citrix
added 2017/10/16 12:0 a.m. | 10 views

WEM Agent does not place icons on desktop at first logon

When first logging into a VDA, the WEM Agent does not push out all the Desktop Icons that are assigned to the user. The WEM agent must be manually refreshed to make the Icons appear: Initial Login with no application Icons: Manually refresh the WEM Agent by right clicking the Wem Agent Icon from...

AI score 7
Exploits: 0

Citrix
added 2017/10/13 12:0 a.m. | 10 views

WEM Agent Error: "Connection state changed - WEM agent has detected that the network connection has been lost. Click here to refresh your environment settings"

Random WEM Agent machines intermittently display the following pop up error message: "WEM Agent Error: "Connection state changed - WEM agent has detected that the network connection has been lost. Click here to refresh your environment settings"...

AI score 7
Exploits: 0

NVD
added 2017/10/11 1:32 a.m. | 15 views

CVE-2017-15194

include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page...

CVSS 6.1 | AI score 5.9 | EPSS 0.0107
Exploits: 1 | References: 3

OSV
added 2017/10/11 1:32 a.m. | 2 views

DEBIAN-CVE-2017-15194

include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page...

CVSS 6.1 | AI score 6.3 | EPSS 0.0107
Exploits: 1 | References: 1

Cvelist
added 2017/10/10 5:0 a.m. | 28 views

CVE-2017-15194

include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page...

AI score 5.8 | EPSS 0.0107
Exploits: 1 | References: 3

Debian CVE
added 2017/10/10 5:0 a.m. | 18 views

CVE-2017-15194

include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page...

CVSS 6.1 | AI score 6.3 | EPSS 0.0107
Exploits: 1

FreeBSD
added 2017/10/10 12:0 a.m. | 22 views

cacti -- Cross Site Scripting issue

cacti developers report: The file include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page...

CVSS 6.1 | AI score 6 | EPSS 0.0107
Exploits: 1 | References: 3

Citrix
added 2017/10/06 12:0 a.m. | 9 views

WEM Agent Connection error: "Broker Server Name or Broker Port Error"

WEM Agent fails to connect to the WEM Broker and shows the following error when manually refreshing the WEM cache using this command: AgentCacheUtility.exe -refreshcache: "Broker Server Name or Broker Port Error"...

AI score 7.1
Exploits: 0