Lucene search
+L

250 matches found

CVE
CVE
added 2017/04/17 3:0 p.m.49 views

CVE-2016-4869

CVE-2016-4869 (Cybozu Office) : Cybozu Office versions 9.0.0–10.4.0 contain an information disclosure vulnerability where a page displaying CGI environment variables can leak session information. An unauthenticated remote attacker may obtain a user’s session data via that page. The issue’s impact...

6.5CVSS6.2AI score0.02023EPSS
Exploits0References4Affected Software1
Hacker One
Hacker One
added 2017/04/02 6:15 p.m.13 views

U.S. Dept Of Defense: Reflected XSS vulnerability on a DoD website

A cross-site scripting vulnerability was found on a Department of Defense website which may trick a web user into executing a malicious script, potentially revealing a user's web session information or modify web content. @twicedi was able to demonstrate this vulnerability by crafting a specially...

0.7AI score
Exploits0
Palo Alto Networks
Palo Alto Networks
added 2017/03/15 5:30 p.m.15 views

Information Disclosure in Terminal Server Agent

An information disclosure vulnerability exists in the Terminal Server TS agent. Session information may be disclosed due to insecure permissions WINAGENT-43 / CVE-2017-6356. The information disclosure is limited to session information. This issue affects TS agent 6.0, TS agent 7.0, and TS agent...

5.3CVSS6.6AI score0.00978EPSS
Exploits0References1
FireEye
FireEye
added 2017/03/09 8:0 a.m.16 views

Using the Registry to Discover Unix Systems and Jump Boxes

On red team engagements, Mandiant consultants are often tasked with identifying and obtaining access to critical Unix systems within our client’s environments. The objectives may include obtaining payment card data on point of sale terminals or accessing intellectual property residing on Apple...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2016/11/23 1:56 p.m.14 views

U.S. Dept Of Defense: Cross-site scripting (XSS) vulnerability on a DoD website

A cross-site scripting XSS vulnerability was found on a Department of Defense. XSS vulnerabilities can be used to trick a web user into executing a malicious script, potentially revealing a user's web session information or modify web content. @ juliocesar able to demonstrate this vulnerability b...

0.7AI score
Exploits0
Hacker One
Hacker One
added 2016/11/22 10:24 a.m.15 views

U.S. Dept Of Defense: Reflected XSS vulnerability on a DoD website

A cross-site scripting vulnerability was found on a Department of Defense website which may trick a web user into executing a malicious script, potentially revealing a user's web session information or modify web content. @r0p3 was able to demonstrate this vulnerability by crafting a specially...

0.8AI score
Exploits0
Hacker One
Hacker One
added 2016/11/21 5:33 p.m.24 views

U.S. Dept Of Defense: Reflected XSS vulnerability on a DoD website

A cross-site scripting vulnerability was found on a Department of Defense website which may trick a web user into executing a malicious script, potentially revealing a user's web session information or modify web content. @yaworskwas able to demonstrate this vulnerability by crafting a specially...

2.2AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2016/11/09 12:0 a.m.35 views

CA Unified Infrastructure Management get_sessions Session Information Disclosure Remote Authentication Bypass Vulnerability

This vulnerability allows remote attackers to disclose session information on vulnerable installations of CA Unified Infrastructure Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the getsessions servlet. The servlet can retu...

5CVSS2.1AI score0.04338EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/10/03 12:0 a.m.34 views

JVN#09736331: Cybozu Office vulnerable to information disclosure

Cybozu Office contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in the page...

6.5CVSS6.3AI score0.02023EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/08/16 12:0 a.m.37 views

JVN#03052683: Cybozu Mailwise vulnerable to information disclosure

Cybozu Mailwise contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in the pa...

6.5CVSS6.3AI score0.01892EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/08/02 4:50 a.m.3 views

Information Disclosure Vulnerability in Hitachi Command Suite

Overview An Information Disclosure Vulnerability was found in Hitachi Command Suite. Impact An attacker might exploit this vulnerability to obtain sensitive session information. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

3.5CVSS6.3AI score
Exploits0References2
Patchstack
Patchstack
added 2016/04/29 12:0 a.m.10 views

WordPress Truemag Theme - Cross Site Scripting

The vulnerability is located in the "s" value of the page module GET method request. Because of this vulnerability remote attackers are able to inject own malicious script codes to the client-side of the online service web-application to compromise user session information or data. Solution Updat...

2.8AI score
Exploits0References1Affected Software1
OSV
OSV
added 2016/04/25 12:59 a.m.7 views

CVE-2016-2111

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted applicatio...

6.3CVSS6.7AI score0.02902EPSS
Exploits0References41
Prion
Prion
added 2016/04/25 12:59 a.m.41 views

Design/Logic Flaw

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted applicatio...

4.3CVSS7.4AI score0.18171EPSS
Exploits2References41Affected Software2
Debian CVE
Debian CVE
added 2016/04/25 12:0 a.m.56 views

CVE-2016-2111

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted applicatio...

6.3CVSS6.9AI score0.02902EPSS
Exploits0
Cvelist
Cvelist
added 2016/04/25 12:0 a.m.34 views

CVE-2016-2111

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted applicatio...

7.1AI score0.02902EPSS
Exploits0References41
Symantec
Symantec
added 2016/04/15 8:0 a.m.76 views

SA122 : SMB Vulnerabilities in Windows and Samba (Badlock)

SUMMARY Blue Coat products that include affected versions of Microsoft Windows and Samba are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to hijack connections to view and modify traffic, obtain unauthorized access to user passwords and other...

6.8CVSS1.8AI score0.3693EPSS
Exploits0Affected Software6
OSV
OSV
added 2016/04/14 12:0 a.m.47 views

DSA-3548-2 samba - regression update

Bulletin has no description...

6.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2016/04/13 1:25 a.m.10 views

samba: Spoofing vulnerability when domain controller is configured

It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine...

6.3CVSS6.8AI score0.02902EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/04/12 7:33 p.m.5 views

samba: Spoofing vulnerability when domain controller is configured

It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine...

6.3CVSS6.8AI score0.02902EPSS
Exploits0References5
Rows per page
Query Builder