250 matches found
SonicWall SRA/SMA SQL注入漏洞
Sonicwall SRA and Sonicwall SMA are both security protection products for enterprise managed security access from SonicWall USA. SonicWallSRA/SMA suffers from a SQL injection vulnerability that allows a remote, unauthenticated attacker to execute SQL statements to steal sensitive internal account...
Helpful iSCSI Commands
This article contains helpful iSCSI commands. Requirements CLI access to hosts iSCSI storage connections Discover available targets from a discovery portal: iscsiadm -m discovery -t sendtargets -p ipaddress Login to all targets: iscsiadm -m node -l Log into a specific target: iscsiadm -m node -T...
OMERO.web exposes some unnecessary session information in the page
Background OMERO.web loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. Some additional information being loaded is not used by the webclient and is being removed in this release. Impact OMERO.we...
Sql injection
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x...
Session Information Disclosure Vulnerability
Session is a new type of encrypted private messenger open-sourced by Oxen. An information disclosure vulnerability exists in Netsia SEBA+ version 0.16.1 build 70-e669dcd7, which can be exploited by an attacker to discover a session cookie via a direct session list allActiveSession request...
Cross site request forgery (csrf)
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue with resultant SSRF in the commb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link...
The vulnerabilities affect the implementations of the functions read_fru_area(), read_fru_area_section(), ipmi_spd_print_fru(), ipmi_get_session_info(), ipmi_get_channel_cipher_suites(), and get_lan_param_select(). These functions are used for managing and configuring devices that support IPMI through ipmitool. This allows a malicious individual to cause service interruptions or execute arbitrary code.
The vulnerability of the implementations of several functions such as readfruarea, readfruareasection, ipmispdprintfru, ipmigetsessioninfo, ipmigetchannelciphersuites, and getlanparamselect—utilities for managing and configuring devices that support IPMI—is due to buffer overflows. Exploiting thi...
CVE-2020-8170
We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Multiple end-points with parameters vulnerable to reflected cross site scriptin...
CVE-2020-5331
RSA Archer, versions prior to 6.7 P3 6.7.0.3, contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further...
Information disclosure
RSA Archer, versions prior to 6.7 P3 6.7.0.3, contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further...
CVE-2020-5331
RSA Archer contains an information exposure vulnerability in versions prior to 6.7 P3 (6.7.0.3). Affected component is the application’s handling of session data cached/logged by the server, which could allow an authenticated local user with access to log files to obtain sensitive information. Th...
CVE-2020-5331
RSA Archer, versions prior to 6.7 P3 6.7.0.3, contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further...
U.S. Dept Of Defense: Reflected cross-site scripting vulnerability on a DoD website
Hello there ! I'd like to report a 'XSS' vulnerability on a DoD website https://███/unit/███ , Here in the search engine of the website please enter the following payloads alertdocument.domain & you can even use this payload to steal cookies alertdocument.cookie and hit enter and just scroll you'...
Security update for tryton (moderate)
This update for tryton to version 4.2.19 fixes the following issues: Security issue fixed: - CVE-2018-19443: Fixed an information leakage by attemping to initiate an unencrypted connection, which would fail eventually, but might leak session information of the user boo1117105 This update also...
Information Disclosure
tryton is vulnerable to an information disclosure. The library does not properly connect with SSL encryption when connecting to a bus, causing the connection to be attempted in plaintext. A malicious user can gain access to sensitive session information with a man-in-the-middle MitM attack...
CVE-2018-14690
An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim...
CVE-2018-14690
An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim...
Cross site scripting
An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim...
Cross site scripting
An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the namex, streamUrlx, homepageUrlx parameters where x is an integer to internetRadioSettings.view that could be used to steal session information of a victim...
CVE-2018-14691
An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim...