1619 matches found
Improper access control
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be...
CVE-2018-1195
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be...
CVE-2018-5983
SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request...
Semrush: [oauth token leak] at oauth.semrush.com
Domain, site, application --- oauth.semrush.com Steps to reproduce --- 1. Create following html at attacker.com/postmessage.html: function listener(event) { alert(JSON.stringify(event.data)); } var dest =...
Sony Playstation 3 (PS3) 4.82 - 'Jailbreak' (ROP)
EDB Note http://ps3xploit.com/help/dumper.html EDB Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44820.zip Dumper Help Warning: Due to the lack of proper checks after exiting the ROP chain, it is possible in some cases to obtain a success message despit...
Controlling Citrix Workspace app Refresh Time
Note:- This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company's Help Desk/IT support team. Citrix Workspace app would periodically refresh the resources from the server. By default, periodic refresh happens every 60 minutes after th...
Reusable Refresh Tokens
Keycloak services have reusable refresh tokens. If an attacker using a pre-compromised system creates a refresh token pair, this token can be used indefinitely regardless of permission revocation...
CVE-2017-12160
It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself...
CVE-2017-7335
A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" prese...
keycloak: resource privilege extension via access token in oauth
It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself...
WEM Agent does not place icons on desktop at first logon
When first logging into a VDA, the WEM Agent does not push out all the Desktop Icons that are assigned to the user. The WEM agent must be manually refreshed to make the Icons appear: Initial Login with no application Icons: Manually refresh the WEM Agent by right clicking the Wem Agent Icon from...
WEM Agent Error: "Connection state changed - WEM agent has detected that the network connection has been lost. Click here to refresh your environment settings"
Random WEM Agent machines intermittently display the following pop up error message: "WEM Agent Error: "Connection state changed - WEM agent has detected that the network connection has been lost. Click here to refresh your environment settings"...
CVE-2017-15194
include/globalsession.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page...
DEBIAN-CVE-2017-15194
include/globalsession.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page...
cacti -- Cross Site Scripting issue
cacti developers report: The file include/globalsession.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page...
WEM Agent Connection error: "Broker Server Name or Broker Port Error"
WEM Agent fails to connect to the WEM Broker and shows the following error when manually refreshing the WEM cache using this command: AgentCacheUtility.exe -refreshcache: "Broker Server Name or Broker Port Error"...