214 matches found
CVE-2023-51059
An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface...
CVE-2023-35793
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery CSRF attacks...
PT-2023-5722 · Unknown · Cassia Access Controller
Name of the Vulnerable Software and Affected Versions: Cassia Access Controller version 2.1.1.2303271039 Description: The issue is related to insufficient authentication of executed requests in the Cassia Access Controller, which can allow a remote attacker to perform a Cross Site Request Forgery...
Guide: How Google Workspace-based Organizations can leverage Chrome to improve Security
More and more organizations are choosing Google Workspace as their default employee toolset of choice. But despite the productivity advantages, this organizational action also incurs a new security debt. Security teams now have to find a way to adjust their security architecture to this new cloud...
SUSE CVE-2013-6634
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/oneclicksigninhelper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper...
PT-2023-12674 · Johnson Controls · Johnson Controls System Configuration Tool
Name of the Vulnerable Software and Affected Versions: Johnson Controls System Configuration Tool SCT versions 14 prior to 14.2.3 Johnson Controls System Configuration Tool SCT versions 15 prior to 15.0.3 Description: The issue allows access to a sensitive cookie in an HTTPS session due to the la...
CVE-2022-25626
An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session...
CVE-2022-25626
An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session...
PT-2022-17418 · Unknown · Identity Manager
Name of the Vulnerable Software and Affected Versions: Identity Manager affected versions not specified Description: An unauthenticated user can access specific page URLs of Identity Manager's management console. However, the system does not allow the user to carry out server-side tasks without a...
CVE-2022-33137
A vulnerability has been identified in SIMATIC MV540 H All versions V3.3, SIMATIC MV540 S All versions V3.3, SIMATIC MV550 H All versions V3.3, SIMATIC MV550 S All versions V3.3, SIMATIC MV560 U All versions V3.3, SIMATIC MV560 X All versions V3.3. The web session management of affected devices...
CVE-2022-33137
A vulnerability has been identified in SIMATIC MV540 H All versions V3.3, SIMATIC MV540 S All versions V3.3, SIMATIC MV550 H All versions V3.3, SIMATIC MV550 S All versions V3.3, SIMATIC MV560 U All versions V3.3, SIMATIC MV560 X All versions V3.3. The web session management of affected devices...
Design/Logic Flaw
A vulnerability has been identified in SIMATIC MV540 H All versions V3.3, SIMATIC MV540 S All versions V3.3, SIMATIC MV550 H All versions V3.3, SIMATIC MV550 S All versions V3.3, SIMATIC MV560 U All versions V3.3, SIMATIC MV560 X All versions V3.3. The web session management of affected devices...
GHSA-8JFX-H6Q2-V4G3 Jenkins session fixation vulnerability
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies...
(Pwn2Own) Cisco RV340 NGINX Missing Authentication Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the NGINX web server. The issue results from...
CVE-2022-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...
Mozilla: Use-after-free in HTTP2 Session object
The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash...
U.S. Dept Of Defense: XSS Reflected - ██████████
Hi Team, I found a XSS Reflected. https://██████████/███onload=%22prompt1 Thanks DRauschkolb Impact XSS vulnerabilities can be used to trick a web user into executing a malicious script, potentially revealing a user's web session information or modify web content & even steal cookies. System Host...
U.S. Dept Of Defense: XSS Reflected - ███
Hi Team, I found a XSS Reflected. https://██████/Telerik.ReportViewer.axd?optype=Parameters&bgColor=000000%22onload=%22prompt1 Thans DRauschkolb Impact XSS vulnerabilities can be used to trick a web user into executing a malicious script, potentially revealing a user's web session information or...
CVE-2021-26560
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session...
Synology DiskStation Manager 安全漏洞
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A sensitive information clear text transfer vulnerability exists in synorelay...