Lucene search
+L

59 matches found

cnvd
cnvd
added 2018/07/10 12:0 a.m.5 views

Multiple IBM Rational Products Information Disclosure Vulnerabilities (CNVD-2018-23242)

IBM Rational Collaborative Lifecycle Management CLM is a set of collaborative lifecycle management solutions.Rational Quality Manager RQM is a set of collaborative, web-based quality management solutions. IBM Rational Collaborative Lifecycle Management CLM is a collaborative lifecycle management...

4.3CVSS6.1AI score0.00897EPSS
Exploits0References1
nvd
nvd
added 2018/03/16 5:29 p.m.18 views

CVE-2014-4613

Cross-site request forgery CSRF vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php...

6.5CVSS6.7AI score0.03225EPSS
Exploits1References8
cvelist
cvelist
added 2017/10/23 6:0 p.m.37 views

CVE-2015-2878

Multiple cross-site request forgery CSRF vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that 1 add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the 2 Url matching, 3 DNS Inject...

9.2AI score0.04175EPSS
Exploits4References3
hackerone
hackerone
added 2017/10/04 4:6 a.m.47 views

RubyGems: Request Hijacking Vulnerability in RubyGems 2.6.13 and earlier

We received this report via security@ from [email protected], I'm filing here for tracking and visibility purposes... "I was looking at commit 8d91516fb7037ecfb27622f605dc40245e0f8d32, which was the fix for the DNS hijacking issue CVE-2017-0902. The function still handles the DNS response in ...

6.8CVSS0.4AI score0.0475EPSS
Exploits1
nessus
nessus
added 2017/09/20 12:0 a.m.40 views

Fedora 25 : ruby (2017-e136d63c99)

Fix ANSI escape sequence vulnerability CVE-2017-0899. - Fix DoS vulnerability in the query command CVE-2017-0900. - Fix a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files CVE-2017-0901. - Fix DNS request hijacking vulnerability CVE-2017-0902. - Fix...

9.8CVSS7.1AI score0.29442EPSS
Exploits6References6
freebsd
freebsd
added 2017/08/29 12:0 a.m.22 views

rubygems -- multiple vulnerabilities

Official blog of RubyGems reports: The following vulnerabilities have been reported: a DNS request hijacking vulnerability, an ANSI escape sequence vulnerability, a DoS vulnerability in the query command, and a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary...

1.2AI score
Exploits0References1
hackerone
hackerone
added 2017/04/02 5:31 p.m.56 views

RubyGems: Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier

Description: The RubyGems client supports a gem server API discovery functionality, which is used when pushing or pulling gems to a gem distribution/hosting server, like RubyGems.org. This functionality is provided via a SRV DNS request to the users gem source hostname prepended with...

6.8CVSS0.2AI score0.08934EPSS
Exploits1
packetstorm
packetstorm
added 2016/06/17 12:0 a.m.90 views

SAP NetWeaver AS JAVA 7.5 Cross Site Scripting

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: XSS Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238375 Author: Vahagn Vardanyan ERPScan...

4.3CVSS0.3AI score0.01611EPSS
Exploits2
nessus
nessus
added 2015/05/18 12:0 a.m.32 views

FreeBSD : rubygems -- request hijacking vulnerability (a0089e18-fc9e-11e4-bc58-001e67150279)

Jonathan Claudius reports : RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specifically a SRV record rubygems.tcp under the original requested domain. RubyGems did not...

5CVSS7.5AI score0.08934EPSS
Exploits0References4
hackerone
hackerone
added 2015/05/06 12:0 a.m.36 views

RubyGems: Request Hijacking Vulnerability In RubyGems 2.4.6 And Earlier

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356...

5CVSS8.1AI score0.08934EPSS
Exploits0
erpscan
erpscan
added 2015/01/09 12:0 a.m.18 views

SAP NetWeaver 7.4 (MDT component) - XSS vulnerability

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: http://www.sap.com Bugs: XSS Reported: 01.09.2015 Vendor response: 02.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2206793 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class:...

0.2AI score
Exploits0
prion
prion
added 2015/01/03 11:59 a.m.16 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that 1 create categories via a data array to news/saveCategories or 2 modify credentials via a data array to admin/saveUser...

6.8CVSS7.8AI score0.0106EPSS
Exploits1References1Affected Software1
threatpost
threatpost
added 2013/10/30 11:54 a.m.12 views

HTTP Request Hijacking Attacks Threaten Mobile Apps

Thousands of mobile apps developed for the Apple iOS platform can be forced to display phony, even malicious content, because of a vulnerability that allows an attacker to redirect traffic to a third-party site and persistently serve content from that location. Researchers from Israeli mobile...

6.5AI score
Exploits0References2
thn
thn
added 2013/10/30 7:51 a.m.17 views

iOS apps vulnerable to HTTP Request Hijacking attacks over WiFi

Security researchers Adi Sharabani and Yair Amit have disclosed details about a widespread vulnerability in iOS apps, that could allow hackers to force the apps to send and receive data from the hackers' own servers rather than the legitimate ones they were coded to connect to. Speaking about the...

6.6AI score
Exploits0
thn
thn
added 2013/10/29 8:51 p.m.29 views

iOS apps vulnerable to HTTP Request Hijacking attacks over WiFi

Security researchers Adi Sharabani and Yair Amit have disclosed details about a widespread vulnerability in iOS apps, that could allow hackers to force the apps to send and receive data from the hackers' own servers rather than the legitimate ones they were coded to connect to. Speaking about the...

6.6AI score
Exploits0
packetstorm
packetstorm
added 2013/06/26 12:0 a.m.30 views

PHP Charts 1.0 Remote Code Execution

!/usr/bin/python Original Advisory came from: http://packetstormsecurity.com/files/119582/PHP-Charts-1.0-Code-Execution.html infodox - insecurety.net import requests import random import threading import sys def genpayloadhost, port: """ Perl Reverse Shell Generator """ load = """perl -e 'use...

Exploits0
ubuntucve
ubuntucve
added 2012/09/05 11:55 p.m.26 views

CVE-2012-4393

Multiple cross-site request forgery CSRF vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use 1 addBookmark.php, 2 delBookmark.php, or 3 editBookmark.php in bookmarks/ajax/; 4 calendar/delete.php, 5 calendar/edit.php...

6.8CVSS5.9AI score0.01097EPSS
Exploits1References2
prion
prion
added 2010/09/24 7:0 p.m.18 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest...

6.8CVSS6.6AI score0.00958EPSS
Exploits0References17Affected Software1
cert
cert
added 2005/02/04 12:0 a.m.69 views

Single crafted HTTP request may result in multiple responses

Overview Some HTTP handling devices are vulnerable to a flaw which may allow a specially crafted request to elicit multiple responses, some of which may be controlled by the attacker. These attacks may result in cache poisoning, information leakage, cross-site scripting, and other outcomes...

4.3CVSS3.2AI score0.29784EPSS
Exploits4References4
Rows per page
Query Builder