Lucene search
+L

181 matches found

Tenable Nessus
Tenable Nessus
added 2022/05/05 12:0 a.m.38 views

Mozilla Thunderbird < 91.9

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-18 advisory. - Mozilla developers Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs...

9.8CVSS7.8AI score0.01005EPSS
Exploits3References9
Tenable Nessus
Tenable Nessus
added 2022/05/05 12:0 a.m.31 views

Debian DSA-5129-1 : firefox-esr - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5129 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information...

9.8CVSS8.1AI score0.01005EPSS
Exploits3References16
Tenable Nessus
Tenable Nessus
added 2022/05/05 12:0 a.m.36 views

Mozilla Thunderbird < 91.9

The version of Thunderbird installed on the remote Windows host is prior to 91.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-18 advisory. - Mozilla developers Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in...

9.8CVSS7.7AI score0.01005EPSS
Exploits3References9
UbuntuCve
UbuntuCve
added 2022/05/04 12:0 a.m.35 views

CVE-2022-29912

Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

6.1CVSS6.8AI score0.00644EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2022/05/04 12:0 a.m.32 views

Oracle Linux 7 : firefox (ELSA-2022-1703)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-1703 advisory. 91.9.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.j...

9.8CVSS7.8AI score0.01005EPSS
Exploits3References7
RedhatCVE
RedhatCVE
added 2022/05/03 8:24 p.m.28 views

CVE-2022-29912

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of requests initiated through the reader mode did not properly omit cookies with a SameSite attribute...

6.1CVSS3.2AI score0.00644EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2022/05/03 12:0 a.m.43 views

Mozilla Firefox ESR < 91.9

The version of Firefox ESR installed on the remote Windows host is prior to 91.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-17 advisory. - Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safet...

9.8CVSS8.3AI score0.01005EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2022/05/03 12:0 a.m.32 views

Mozilla Firefox ESR < 91.9

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 91.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-17 advisory. - Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported...

9.8CVSS8.3AI score0.01005EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2022/05/03 12:0 a.m.42 views

Mozilla Firefox < 100.0

The version of Firefox installed on the remote Windows host is prior to 100.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-16 advisory. - Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in...

9.8CVSS7.7AI score0.01005EPSS
Exploits5References10
Github Security Blog
Github Security Blog
added 2021/12/14 9:43 p.m.33 views

HTTP Method Spoofing

Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE requests. This bypasses restrictions otherwise put on these types of requests...

7.5CVSS1.6AI score0.01416EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2021/12/14 6:15 p.m.33 views

CVE-2021-43807

Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE...

6.5CVSS6.7AI score
Exploits0References3
CVE
CVE
added 2021/12/14 6:10 p.m.74 views

CVE-2021-43807

Opencast is vulnerable to HTTP method spoofing in versions prior to 9.10. An attacker can override the intended HTTP method via a URL parameter, turning GET into PUT or form submissions into DELETE, enabling state-changing actions and CSRF bypasses. The issue is fixed in Opencast 9.10 and 10.0. M...

7.5CVSS6.6AI score0.01416EPSS
Exploits1References3Affected Software1
Huntr
Huntr
added 2021/09/06 10:18 a.m.17 views

Cross-Site Request Forgery (CSRF) in star7th/showdoc

✍️ Description With CSRF vulnerability Attacker able to add any member to for any item if users visit attacker website. We can bypass the CSRF Protection if we put our payload on a iframe or a html file and send them to victim as after that the Origin header will be set to null and we can bypass...

5.8CVSS0.9AI score0.00399EPSS
Exploits1
Huntr
Huntr
added 2021/08/05 3:19 p.m.12 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

✍️ Description Attacker able to delete any contact with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the I...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/08/05 3:13 p.m.16 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

✍️ Description Attacker able to delete any Document with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/08/05 3:13 p.m.14 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

✍️ Description Attacker able to delete any Invoice with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the I...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/08/05 3:13 p.m.16 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

✍️ Description Attacker able to delete any Campaign with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/08/05 3:12 p.m.9 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

✍️ Description Attacker able to delete any Organization with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know...

1.4AI score
Exploits0
Huntr
Huntr
added 2021/08/05 3:11 p.m.11 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

✍️ Description Attacker able to change password with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP...

1AI score
Exploits0
Huntr
Huntr
added 2021/08/03 6:6 p.m.19 views

Cross-Site Request Forgery (CSRF) in star7th/showdoc

✍️ Description With CSRF vulnerability Attacker able to add any member to for any item if users visit attacker site. 🕵️‍♂️ Proof of Concept 1.Open the PoC.html In Firefox or safari. 2.now you can check that member with email address [email protected] that already should registered befor have access to...

4.3CVSS3AI score0.00397EPSS
Exploits1
Rows per page
Query Builder