Lucene search
+L

250 matches found

cnnvd
cnnvd
added 2021/07/15 12:0 a.m.3 views

SonicWall SRA/SMA SQL注入漏洞

Sonicwall SRA and Sonicwall SMA are both security protection products for enterprise managed security access from SonicWall USA. SonicWallSRA/SMA suffers from a SQL injection vulnerability that allows a remote, unauthenticated attacker to execute SQL statements to steal sensitive internal account...

6AI score
Exploits0
citrix
citrix
added 2021/07/12 12:0 a.m.8 views

Helpful iSCSI Commands

This article contains helpful iSCSI commands. Requirements CLI access to hosts iSCSI storage connections Discover available targets from a discovery portal: iscsiadm -m discovery -t sendtargets -p ipaddress Login to all targets: iscsiadm -m node -l Log into a specific target: iscsiadm -m node -T...

6.8AI score
Exploits0
github
github
added 2021/03/23 3:26 p.m.61 views

OMERO.web exposes some unnecessary session information in the page

Background OMERO.web loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. Some additional information being loaded is not used by the webclient and is being removed in this release. Impact OMERO.we...

6.5CVSS1AI score0.01457EPSS
Exploits0References8Affected Software1
prion
prion
added 2021/02/04 6:15 a.m.36 views

Sql injection

A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x...

7.5CVSS9.8AI score0.40038EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2021/01/16 12:0 a.m.7 views

Session Information Disclosure Vulnerability

Session is a new type of encrypted private messenger open-sourced by Oxen. An information disclosure vulnerability exists in Netsia SEBA+ version 0.16.1 build 70-e669dcd7, which can be exploited by an attacker to discover a session cookie via a direct session list allActiveSession request...

7.5CVSS7.1AI score0.03162EPSS
Exploits1References4
prion
prion
added 2020/09/30 6:15 p.m.18 views

Cross site request forgery (csrf)

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue with resultant SSRF in the commb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link...

4.3CVSS6.3AI score0.00478EPSS
Exploits0References1Affected Software2
bdu_fstec
bdu_fstec
added 2020/08/19 12:0 a.m.6 views

The vulnerabilities affect the implementations of the functions read_fru_area(), read_fru_area_section(), ipmi_spd_print_fru(), ipmi_get_session_info(), ipmi_get_channel_cipher_suites(), and get_lan_param_select(). These functions are used for managing and configuring devices that support IPMI through ipmitool. This allows a malicious individual to cause service interruptions or execute arbitrary code.

The vulnerability of the implementations of several functions such as readfruarea, readfruareasection, ipmispdprintfru, ipmigetsessioninfo, ipmigetchannelciphersuites, and getlanparamselect—utilities for managing and configuring devices that support IPMI—is due to buffer overflows. Exploiting thi...

9CVSS8.1AI score0.0329EPSS
Exploits1References13Affected Software7
cvelist
cvelist
added 2020/05/26 3:37 p.m.30 views

CVE-2020-8170

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Multiple end-points with parameters vulnerable to reflected cross site scriptin...

6.4AI score0.0102EPSS
Exploits0References3
nvd
nvd
added 2020/05/04 7:15 p.m.14 views

CVE-2020-5331

RSA Archer, versions prior to 6.7 P3 6.7.0.3, contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further...

8.8CVSS8.4AI score0.0072EPSS
Exploits0References1
prion
prion
added 2020/05/04 7:15 p.m.19 views

Information disclosure

RSA Archer, versions prior to 6.7 P3 6.7.0.3, contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further...

2.1CVSS5.2AI score0.0072EPSS
Exploits0References1Affected Software1
cve
cve
added 2020/05/04 6:50 p.m.58 views

CVE-2020-5331

RSA Archer contains an information exposure vulnerability in versions prior to 6.7 P3 (6.7.0.3). Affected component is the application’s handling of session data cached/logged by the server, which could allow an authenticated local user with access to log files to obtain sensitive information. Th...

8.8CVSS5.1AI score0.0072EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2020/05/04 6:50 p.m.17 views

CVE-2020-5331

RSA Archer, versions prior to 6.7 P3 6.7.0.3, contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further...

8.8CVSS8.3AI score0.0072EPSS
Exploits0References1
hackerone
hackerone
added 2020/01/14 2:53 p.m.16 views

U.S. Dept Of Defense: Reflected cross-site scripting vulnerability on a DoD website

Hello there ! I'd like to report a 'XSS' vulnerability on a DoD website https://███/unit/███ , Here in the search engine of the website please enter the following payloads alertdocument.domain & you can even use this payload to steal cookies alertdocument.cookie and hit enter and just scroll you'...

6.9AI score
Exploits0
opensuse
opensuse
added 2018/12/22 6:11 p.m.88 views

Security update for tryton (moderate)

This update for tryton to version 4.2.19 fixes the following issues: Security issue fixed: - CVE-2018-19443: Fixed an information leakage by attemping to initiate an unencrypted connection, which would fail eventually, but might leak session information of the user boo1117105 This update also...

4.3CVSS1.9AI score0.00856EPSS
Exploits0References1
veracode
veracode
added 2018/11/23 5:57 a.m.16 views

Information Disclosure

tryton is vulnerable to an information disclosure. The library does not properly connect with SSL encryption when connecting to a bus, causing the connection to be attempted in plaintext. A malicious user can gain access to sensitive session information with a man-in-the-middle MitM attack...

5.9CVSS5.3AI score0.00856EPSS
Exploits0References2Affected Software1
osv
osv
added 2018/09/21 4:29 p.m.4 views

CVE-2018-14690

An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim...

6.1CVSS5.7AI score0.00675EPSS
Exploits1References1
nvd
nvd
added 2018/09/21 4:29 p.m.15 views

CVE-2018-14690

An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim...

6.1CVSS6AI score0.00675EPSS
Exploits1References1
prion
prion
added 2018/09/21 4:29 p.m.19 views

Cross site scripting

An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim...

4.3CVSS5.9AI score0.00675EPSS
Exploits1References1Affected Software1
prion
prion
added 2018/09/21 4:29 p.m.20 views

Cross site scripting

An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the namex, streamUrlx, homepageUrlx parameters where x is an integer to internetRadioSettings.view that could be used to steal session information of a victim...

4.3CVSS5.9AI score0.00675EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2018/09/21 4:0 p.m.17 views

CVE-2018-14691

An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim...

6.1AI score0.00675EPSS
Exploits1References1
Rows per page
Query Builder