211 matches found
CVE-2016-8673
A vulnerability has been identified in SIMATIC CP 343-1 Advanced incl. SIPLUS NET variant All versions V3.0.53, SIMATIC CP 443-1 Advanced incl. SIPLUS NET variant All versions V3.2.17, SIMATIC S7-300 PN/DP CPU family incl. SIPLUS variants All versions, SIMATIC S7-400 PN/DP CPU family incl. SIPLUS...
Server side request forgery (ssrf)
A vulnerability has been identified in SIMATIC CP 343-1 Advanced incl. SIPLUS NET variant All versions V3.0.53, SIMATIC CP 443-1 Advanced incl. SIPLUS NET variant All versions V3.2.17, SIMATIC S7-300 PN/DP CPU family incl. SIPLUS variants All versions, SIMATIC S7-400 PN/DP CPU family incl. SIPLUS...
CVE-2016-8673
A vulnerability has been identified in SIMATIC CP 343-1 Advanced incl. SIPLUS NET variant All versions V3.0.53, SIMATIC CP 443-1 Advanced incl. SIPLUS NET variant All versions V3.2.17, SIMATIC S7-300 PN/DP CPU family incl. SIPLUS variants All versions, SIMATIC S7-400 PN/DP CPU family incl. SIPLUS...
The vulnerability of the Windows operating system, which allows a malicious individual to alter the information transmitted during an RDP session
The vulnerability in the Remote Desktop Protocol RDP allows an attacker to modify the contents of the traffic for an active RDP session...
HackerOne: Session Hijacking attack (Different Scenario)
Hey I was able to replay a cookie of a current active session and hijack that by replaying the cookie. Now this is different from any conventional vanilla session hijacking because it works even when the user is not logged in. But the condition is that the victim's session must be active at the...
Multiple Vendor TCP Session Acknowledgement Number Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13215/info Multiple Vendor TCP/IP stack implementations are reported prone to a denial of service vulnerability. A report indicates that the vulnerability manifests when an erroneous TCP acknowledgement number is...
PT-2014-2868 · D Link · D-Link Dir-505L Shareport Mobile Companion +1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-505L SharePort Mobile Companion version 1.01 D-Link DIR-826L Wireless N600 Cloud Router version 1.02 Description: The issue allows remote attackers to bypass authentication via a direct request when an authorized session is active...
Built2Go PHP Shopping - Cross-Site Request Forgery (Admin Password)
source: https://www.securityfocus.com/bid/64735/info Built2Go PHP Shopping is prone to a cross-site request-forgery vulnerability. Exploiting the issue will allow a remote attacker to use a victim's currently active session to change the victim's password. Successful exploits will compromise...
CVE-2013-2993
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors...
NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked
Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Active session tokens of other users are disclosed within the UI Versions affected: All...
Multiple vulnerabilities in Icewarp Web Mail 5.2.7
ShineShadow Security Report 10092004-01 TITLE: Multiple vulnerabilities in Icewarp Web Mail 5.2.7 BACKGROUND Merak Mail Server, with the revolutionary Merak Mail Server GroupWare Server, cutting-edge Merak Mail Server Instant Antispam and much more, is the fastest, most stable, secure and 100 vir...