181 matches found
Mozilla Thunderbird < 91.9
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-18 advisory. - Mozilla developers Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs...
Debian DSA-5129-1 : firefox-esr - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5129 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information...
Mozilla Thunderbird < 91.9
The version of Thunderbird installed on the remote Windows host is prior to 91.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-18 advisory. - Mozilla developers Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in...
CVE-2022-29912
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...
Oracle Linux 7 : firefox (ELSA-2022-1703)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-1703 advisory. 91.9.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.j...
CVE-2022-29912
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of requests initiated through the reader mode did not properly omit cookies with a SameSite attribute...
Mozilla Firefox ESR < 91.9
The version of Firefox ESR installed on the remote Windows host is prior to 91.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-17 advisory. - Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safet...
Mozilla Firefox ESR < 91.9
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 91.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-17 advisory. - Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported...
Mozilla Firefox < 100.0
The version of Firefox installed on the remote Windows host is prior to 100.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-16 advisory. - Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in...
HTTP Method Spoofing
Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE requests. This bypasses restrictions otherwise put on these types of requests...
CVE-2021-43807
Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE...
CVE-2021-43807
Opencast is vulnerable to HTTP method spoofing in versions prior to 9.10. An attacker can override the intended HTTP method via a URL parameter, turning GET into PUT or form submissions into DELETE, enabling state-changing actions and CSRF bypasses. The issue is fixed in Opencast 9.10 and 10.0. M...
Cross-Site Request Forgery (CSRF) in star7th/showdoc
✍️ Description With CSRF vulnerability Attacker able to add any member to for any item if users visit attacker website. We can bypass the CSRF Protection if we put our payload on a iframe or a html file and send them to victim as after that the Origin header will be set to null and we can bypass...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
✍️ Description Attacker able to delete any contact with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the I...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
✍️ Description Attacker able to delete any Document with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
✍️ Description Attacker able to delete any Invoice with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the I...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
✍️ Description Attacker able to delete any Campaign with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
✍️ Description Attacker able to delete any Organization with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
✍️ Description Attacker able to change password with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP...
Cross-Site Request Forgery (CSRF) in star7th/showdoc
✍️ Description With CSRF vulnerability Attacker able to add any member to for any item if users visit attacker site. 🕵️♂️ Proof of Concept 1.Open the PoC.html In Firefox or safari. 2.now you can check that member with email address [email protected] that already should registered befor have access to...