309 matches found
Input validation
Insufficient session validation in the service API for Intel® RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access...
Input validation
Insufficient session validation in system firmware for Intel® NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access...
CVE-2019-11123
Insufficient session validation in system firmware for Intel® NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access...
CVE-2019-11123
CVE-2019-11123 affects Intel NUC Kit/system firmware (e.g., NUC8i3BEx, NUC8i5BEx, NUC8i7BEx, several Compute Cards/NUCs). Root cause: insufficient session validation in the system firmware, enabling a local privileged user to potentially escalate privileges, cause DoS, or disclose information. CV...
CVE-2019-11119
The CVE-2019-11119 issue affects Intel RAID Web Console 3 for Windows, version 4.186 and earlier. It stems from insufficient session validation in the service API, potentially allowing an unauthenticated user to escalate privileges via network access. Red Hat and Intel advisories confirm the vuln...
CVE-2019-11119
Insufficient session validation in the service API for Intel® RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access...
Intel® RAID Web Console 3 for Windows* Advisory
Summary: A potential security vulnerability in the Intel® RAID Web Console 3 (RWC3) for Windows may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2019-11119 Description: Insufficient session validation ...
CVE-2018-15658
An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is...
Design/Logic Flaw
An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is...
Fedora 28 : perl-Dancer2 (2018-ded377a782)
Dancer2 0.206000 addresses several potential security issues. There is a potential RCE with regards to Storable. Dancer2 adds session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE. Parsing...
Remote Code Execution (RCE)
github.com/go-gitea/gitea is vulnerable to remote code execution (RCE) attacks. The library does not properly validate session IDs, allowing a malicious user to authenticate as another arbitrary account...
Joomla! 2.5.x < 3.6.5 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities: - A flaw exists in the JFilterInput::isFileSafe function due to improper validation of file types and extensions of uploaded files before placing them in a user-accessible pat...
Joomla! 3.3.x < 3.6.5 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities: - A flaw exists in the JFilterInput::isFileSafe function due to improper validation of file types and extensions of uploaded files before placing them in a user-accessible pat...
Joomla! 1.7.x < 3.6.5 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities: - A flaw exists in the JFilterInput::isFileSafe function due to improper validation of file types and extensions of uploaded files before placing them in a user-accessible pat...
UBUNTU-CVE-2018-18926
Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron...
PT-2018-14726 · Go · Gitea
Name of the Vulnerable Software and Affected Versions: Gitea versions prior to 1.5.4 Description: The issue allows remote code execution due to improper validation of session IDs, specifically related to session ID handling in the go-macaron/session code for Macaron. Recommendations: For versions...
PT-2018-14725 · Go Gitea · Gogs
Name of the Vulnerable Software and Affected Versions: Gogs version 0.11.66 Description: The issue allows remote code execution due to improper validation of session IDs. This can be exploited through a ".." session-file forgery in the file session provider, specifically in the file.go file. The...
Updated perl-Dancer2 packages fix security vulnerabilities
Dancer2 0.206000 addresses several potential security issues. There is a potential RCE with regards to Storable. Dancer2 adds session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE. Parsing...
CVE-2018-12161
Insufficient session validation in the webserver component of the Intel Rapid Web Server 3 may allow an unauthenticated user to potentially disclose information via network access...
CVE-2018-12161
Insufficient session validation in the webserver component of the Intel Rapid Web Server 3 may allow an unauthenticated user to potentially disclose information via network access...