48 matches found
Anubis 输入验证错误漏洞
Anubis is a tool for Xe Iaso Individual Developers. An input validation error vulnerability exists in Anubis versions prior to 1.23.0, which stems from sub-request authentication not validating the redirection URL, which could result in a redirection to an arbitrary URL scheme...
EUVD-2013-1245
Malware in sbrugna...
EUVD-2010-4655
Malware in sbrugna...
The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform allows a hacker to perform a CSRF attack.
The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform is related to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability may allow a remote attacker to carry out a CSRF attack...
CVE-2013-1205
The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in all intended circumstances, which allows remote attackers to discover host keys and event passwords via crafted URLs, aka Bug ID CSCue62485...
CVE-2022-30355
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required...
CVE-2022-30359
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, roles, user type, license type,...
Cisco IOS XE Software 安全漏洞
Cisco IOS XE Software is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software that stems from...
The vulnerability of Acronis Cyber Protect 15’s data protection software lies in its insufficient verification of the authenticity of executed requests, allowing attackers to access confidential information.
The vulnerability of Acronis Cyber Protect 15 software-related data protection software lies in the insufficient verification of the authenticity of executed requests. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to confidential information...
The vulnerability of the IoT Cassia Access Controller’s access control software allows a hacker to perform a CSRF attack.
The vulnerability of the IoT Cassia Access Controller software for managing access to wireless networks is related to insufficient verification of the authenticity of the requests being made. Exploiting this vulnerability could allow a malicious actor to execute a CSRF attack from a remote locati...
ever gauzy v0.281.9 - JWT weak HMAC secret Vulnerability
Exploit Title: ever gauzy v0.281.9 - JWT weak HMAC secret Author: nu11secur1ty Vendor: https://gauzy.co/ Software: https://github.com/ever-co/ever-gauzy/releases/tag/v0.281.9 Reference: https://portswigger.net/kb/issues/00200903jwt-weak-hmac-secret Description: It was, detected a JWT signed using...
Horde Groupware Webmail 跨站请求伪造漏洞
Horde Groupware Webmail is a browser-based, enterprise-class communications suite from Horde, Inc. PHP is a scripting language that executes on the server side. A cross-site request forgery vulnerability exists in Horde Groupware Webmail that stems from insufficient authentication of the source o...
PYSEC-2021-363
Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...
CVE-2021-22904
The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticateorrequestwithhttptoken or...
CVE-2021-22904
The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticateorrequestwithhttptoken or...
Denial Of Service (DoS)
actionpack is vulnerable to denial of service. An attacker is able to use authenticateorrequestwithhttptoken or authenticatewithhttptoken for request authentication to cause an application crash...
Possible DoS Vulnerability in Action Controller Token Authentication
There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. Versions Affected: = 4.0.0 Not affected: 4.0.0 Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 Impact ------ Impacted code uses authenticateorrequestwithhttptoken or authenticatewithhttptoken for reques...
The vulnerability of the EEM driver (Ethernet Emulation Mode) of the microprogramming software for smart card readers from the OMNIKEY 5427 and OMNIKEY 5127 series allows a hacker to perform cross-site scripting attacks.
The vulnerability of the EEM driver Ethernet Emulation Mode of the microprogramming software for smart card readers from the OMNIKEY 5427 and OMNIKEY 5127 series is related to insufficient verification of the authenticity of the requests being sent. Exploiting this vulnerability allows a maliciou...
The vulnerability of the FortiOS operating system allows a perpetrator to disclose sensitive information or perform unauthorized user disconnection operations.
The vulnerability of the FortiOS operating system relates to an error in the handling of the Payload parameter and the lack of verification of request authenticity. Exploiting this vulnerability allows a malicious actor to perform cross-site forgery of requests to the /logindisconnect/currentadmi...
The vulnerability in the web interface for managing Cisco HyperFlex hyper-converged infrastructure allows a attacker to execute arbitrary code.
The vulnerability of the web interface for managing Cisco HyperFlex hyper-converged infrastructure is related to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted link...