Lucene search
+L

1205 matches found

Zero Day Initiative
Zero Day Initiative
added 2017/08/08 12:0 a.m.34 views

Adobe Reader DC URL Parsing Insufficient Verification of Data Authenticity Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

4.3CVSS3.5AI score0.05807EPSS
Exploits0References1
myhack58
myhack58
added 2017/08/02 12:0 a.m.197 views

For NXP I. MX microprocessor HAB vulnerability analysis-vulnerability warning-the black bar safety net

One, Foreword NXP(NXP)semiconductor production company i. The MX Series application processor of the Secure Boot features in the presence of two vulnerabilities, two vulnerabilities by Quarkslab the two researchers Guillaume Delugré and Kévin Szkudłapski found this article on the two vulnerabilit...

7.8AI score
Exploits0
Prion
Prion
added 2017/08/01 2:29 p.m.15 views

Design/Logic Flaw

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In the whole protocol, no integrity or authenticity checks are done. Therefore man-in-the-middle...

6.8CVSS7.9AI score0.00396EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/08/01 2:29 p.m.14 views

CVE-2017-11130

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In the whole protocol, no integrity or authenticity checks are done. Therefore man-in-the-middle...

8.1CVSS8AI score0.00396EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/08/01 2:0 p.m.18 views

CVE-2017-11130

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In the whole protocol, no integrity or authenticity checks are done. Therefore man-in-the-middle...

8AI score0.00396EPSS
Exploits0References1
CVE
CVE
added 2017/08/01 2:0 p.m.46 views

CVE-2017-11130

This CVE affects heinekingmedia StashCat: Android up to 1.7.5, Web up to 0.0.80w, Desktop up to 0.0.86. Root cause: the protocol only aims to protect confidentiality; there are no integrity or authenticity checks in the entire protocol. Consequence: man-in-the-middle attackers can perform replay ...

8.1CVSS7.9AI score0.00396EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2017/07/04 12:0 a.m.5 views

ThinkPHP5 PDO Authenticity Preprocessing suffers from SQL Injection Vulnerability

ThinkPHP V5.0 is a high-performance framework designed for API development. A SQL injection vulnerability exists in ThinkPHP5 PDO authenticity preprocessing. The vulnerability is caused by controlling the value position of the in statement, i.e. by passing in an array, leading to a SQL injection...

8.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2017/06/27 12:0 a.m.4 views

The vulnerability of the Antivirus Kasperksy 8.0 web console for Linux File Servers allows an attacker to send commands to the antivirus software on behalf of its user.

The vulnerability of the Antivirus Kaspersky 8.0 web console for Linux File Servers arises from the lack of authenticity verification for the creators of the web consoles. Exploiting this vulnerability allows a malicious actor to send an antivirus command on behalf of the user who visits the...

7.1CVSS5.5AI score
Exploits0References1Affected Software1
NVD
NVD
added 2017/06/15 3:29 a.m.18 views

CVE-2017-9606

Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks...

7.3CVSS7.3AI score0.00301EPSS
Exploits0References1
Prion
Prion
added 2017/06/15 3:29 a.m.15 views

Design/Logic Flaw

Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks...

4.4CVSS7.1AI score0.00301EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2017/06/15 3:0 a.m.17 views

CVE-2017-9606

Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks...

7.3AI score0.00301EPSS
Exploits0References1
Hacker One
Hacker One
added 2017/05/01 3:54 p.m.21 views

New Relic: CSRF For Adding Users

Issue The API affected is https://rpm.newrelic.com/accounts/accountid/accountviews. Only admin users are allowed to add other new users, but a normal user with knowledge of the accountid can craft a webpage which does a CSRF when an admin user visits it. There are 2 problems with it that can resu...

0.7AI score
Exploits0
Hacker One
Hacker One
added 2017/02/24 10:26 p.m.37 views

Files.com: CSRF @ configuration

Enter the support PIN from your test site if applicable: Enter the name of your test site if applicable: gaming2 Enter the subdomain from your test site if applicable: gaming2 Fill in the rest of your report below: ---- Greeting guys , i found a CSRF Bug at the configuration - General form in all...

6.8AI score
Exploits0
Veracode
Veracode
added 2017/01/26 1:44 a.m.20 views

Cross-Site Request Forgery (CSRF) Via Leakage Of Authenticity Token

omniauth is susceptible to cross-site request forgery attacks. The attacks are possible because it stores POST parameters in addition to GET parameters in callback phase, thereby exposing authenticitytokens from the POST parameters and leading to bypass of cross-site request forgery protection...

7.5CVSS7.3AI score0.02129EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2017/01/17 6:15 a.m.11 views

Unverifiable Symmetric Encryption

spring-cloud-config has a flaw which allows malicious manipulation of symmetric encryptions. The vulnerability exists because its default symmetric encryption does not use a Message Authentication Code MAC to verify the authenticity of encrypted message...

6.8AI score
Exploits0
RubySec
RubySec
added 2017/01/11 12:0 a.m.15 views

omniauth leaks authenticity token in callback params

In strategy.rb in OmniAuth before 1.3.2, the authenticitytoken value is improperly protected because POST in addition to GET parameters are stored in the session and become available in the environment of the callback phase...

7.5CVSS4.8AI score0.02129EPSS
Exploits0References1Affected Software1
exploitpack
exploitpack
added 2016/08/15 12:0 a.m.65 views

GitLab - impersonate Feature Privilege Escalation

GitLab - impersonate Feature Privilege Escalation Exploit Title: GitLab privilege escalation via "impersonate" feature Date: 02-05-2016 Software Link: https://about.gitlab.com/ Version: 8.2.0 - 8.2.4, 8.3.0 - 8.3.8, 8.4.0 - 8.4.9, 8.5.0 - 8.5.11, 8.6.0 - 8.6.7, 8.7.0 Exploit Author: Kaimi Website...

6.5CVSS0.4AI score0.10143EPSS
Exploits5
Hacker One
Hacker One
added 2016/06/30 6:31 p.m.157 views

HackerOne: Possible CSRF during joining report as participant

Hi, I think i found a possible csrf issue with joining report as participant endpoint, Actually one of the bug got duplicated and the company added me into the original bug as a participant. then, I got invitation from hackerone to joing the report. After opening the invitation link, there was tw...

7AI score
Exploits0
Hacker One
Hacker One
added 2016/05/22 9:17 p.m.14 views

Gratipay: don't store CSRF tokens in cookies

Your web application generates CSRF token values inside cookies which is not a best practice for web applications as revelation of cookies can reveal CSRF Tokens as well. Authenticity tokens should be kept separate from cookies and should be isolated to change operations in the account only. More...

0.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/04/29 12:0 a.m.160 views

Allround Automations PL/SQL Developer < 11.0.6.1776 HTTP Insecure Update RCE

The version of Allround Automations PL/SQL Developer installed on the remote host is prior to 11.0.6.1776. It is, therefore, affected by a remote code execution vulnerability due to a failure to properly verify the origin or authenticity of update data sent via HTTP. A man-in-the-middle attacker...

8.1CVSS8.5AI score0.00944EPSS
Exploits1References1
Rows per page
Query Builder