250 matches found
CVE-2016-4869
CVE-2016-4869 (Cybozu Office) : Cybozu Office versions 9.0.0–10.4.0 contain an information disclosure vulnerability where a page displaying CGI environment variables can leak session information. An unauthenticated remote attacker may obtain a user’s session data via that page. The issue’s impact...
U.S. Dept Of Defense: Reflected XSS vulnerability on a DoD website
A cross-site scripting vulnerability was found on a Department of Defense website which may trick a web user into executing a malicious script, potentially revealing a user's web session information or modify web content. @twicedi was able to demonstrate this vulnerability by crafting a specially...
Information Disclosure in Terminal Server Agent
An information disclosure vulnerability exists in the Terminal Server TS agent. Session information may be disclosed due to insecure permissions WINAGENT-43 / CVE-2017-6356. The information disclosure is limited to session information. This issue affects TS agent 6.0, TS agent 7.0, and TS agent...
Using the Registry to Discover Unix Systems and Jump Boxes
On red team engagements, Mandiant consultants are often tasked with identifying and obtaining access to critical Unix systems within our client’s environments. The objectives may include obtaining payment card data on point of sale terminals or accessing intellectual property residing on Apple...
U.S. Dept Of Defense: Cross-site scripting (XSS) vulnerability on a DoD website
A cross-site scripting XSS vulnerability was found on a Department of Defense. XSS vulnerabilities can be used to trick a web user into executing a malicious script, potentially revealing a user's web session information or modify web content. @ juliocesar able to demonstrate this vulnerability b...
U.S. Dept Of Defense: Reflected XSS vulnerability on a DoD website
A cross-site scripting vulnerability was found on a Department of Defense website which may trick a web user into executing a malicious script, potentially revealing a user's web session information or modify web content. @r0p3 was able to demonstrate this vulnerability by crafting a specially...
U.S. Dept Of Defense: Reflected XSS vulnerability on a DoD website
A cross-site scripting vulnerability was found on a Department of Defense website which may trick a web user into executing a malicious script, potentially revealing a user's web session information or modify web content. @yaworskwas able to demonstrate this vulnerability by crafting a specially...
CA Unified Infrastructure Management get_sessions Session Information Disclosure Remote Authentication Bypass Vulnerability
This vulnerability allows remote attackers to disclose session information on vulnerable installations of CA Unified Infrastructure Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the getsessions servlet. The servlet can retu...
JVN#09736331: Cybozu Office vulnerable to information disclosure
Cybozu Office contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in the page...
JVN#03052683: Cybozu Mailwise vulnerable to information disclosure
Cybozu Mailwise contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in the pa...
Information Disclosure Vulnerability in Hitachi Command Suite
Overview An Information Disclosure Vulnerability was found in Hitachi Command Suite. Impact An attacker might exploit this vulnerability to obtain sensitive session information. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
WordPress Truemag Theme - Cross Site Scripting
The vulnerability is located in the "s" value of the page module GET method request. Because of this vulnerability remote attackers are able to inject own malicious script codes to the client-side of the online service web-application to compromise user session information or data. Solution Updat...
CVE-2016-2111
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted applicatio...
Design/Logic Flaw
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted applicatio...
CVE-2016-2111
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted applicatio...
CVE-2016-2111
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted applicatio...
SA122 : SMB Vulnerabilities in Windows and Samba (Badlock)
SUMMARY Blue Coat products that include affected versions of Microsoft Windows and Samba are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to hijack connections to view and modify traffic, obtain unauthorized access to user passwords and other...
DSA-3548-2 samba - regression update
Bulletin has no description...
samba: Spoofing vulnerability when domain controller is configured
It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine...
samba: Spoofing vulnerability when domain controller is configured
It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine...