
27 matches found

Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-11729

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Long-term session cookies, used to provide long-term session continuity, are not...

CVSS 9.8 | AI score 8.1 | EPSS 0.00472
Exploits: 1 | References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-11728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who...

CVSS 7.5 | AI score 7.6 | EPSS 0.0045
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 2:37 a.m. | 3 views

CVE-2023-5291

The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4 | AI score 6.1 | EPSS 0.00114
Exploits: 0 | References: 1

Patchstack
added 2024/04/04 2:3 a.m. | 2 views

WordPress Modal Popup Box plugin <= 1.5.2 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode vulnerability

Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Modal Popup Box versions <= 1.5.2...

CVSS 8.8 | AI score 7.3 | EPSS 0.0067
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/10/04 1:52 a.m. | 2 views

CVE-2023-5291 Blog Filter <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4 | AI score 6.8 | EPSS 0.00114
Exploits: 0 | References: 3

Openbugbounty
added 2021/09/25 10:19 a.m. | 13 views

awl-steuern.de Cross Site Scripting vulnerability OBB-2149126

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

Exploits: 0

Tenable Nessus
added 2020/09/25 12:0 a.m. | 24 views

Ubuntu 20.04 LTS : AWL vulnerability (USN-4539-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4539-1 advisory. Andrew Bartlett discovered that DAViCal Andrew's Web Libraries AWL did not properly manage session keys. An attacker could possibly use this issue to impersonate ...

CVSS 7.5 | AI score 7.8 | EPSS 0.0045
Exploits: 0 | References: 2

OpenVAS
added 2020/09/25 12:0 a.m. | 14 views

Ubuntu: Security Advisory (USN-4539-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 9.6 | EPSS 0.0045
Exploits: 0 | References: 2

Ubuntu
added 2020/09/24 6:18 p.m. | 53 views

USN-4539-1: AWL vulnerability

Andrew Bartlett discovered that DAViCal Andrew's Web Libraries AWL did not properly manage session keys. An attacker could possibly use this issue to impersonate a session. CVE-2020-11728...

CVSS 7.5 | AI score 7.8 | EPSS 0.0045
Exploits: 0

OpenVAS
added 2020/04/22 12:0 a.m. | 47 views

Debian: Security Advisory (DSA-4660-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 8.7 | EPSS 0.00472
Exploits: 1 | References: 4

Tenable Nessus
added 2020/04/22 12:0 a.m. | 23 views

Debian DSA-4660-1 : awl - security update

Andrew Bartlett discovered that awl, DAViCal Andrew's Web Libraries, did not properly handle session management: this would allow a malicious user to impersonate other sessions or users. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

CVSS 9.8 | AI score 8 | EPSS 0.00472
Exploits: 1 | References: 7

Debian
added 2020/04/21 11:43 a.m. | 20 views

[SECURITY] [DSA 4660-1] awl security update

Debian Security Advisory DSA-4660-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 21, 2020 https://www.debian.org/security/faq -...

CVSS 7.5 | AI score 2.3 | EPSS 0.00472
Exploits: 1

Debian
added 2020/04/21 11:43 a.m. | 33 views

[SECURITY] [DSA 4660-1] awl security update

Debian Security Advisory DSA-4660-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 21, 2020 https://www.debian.org/security/faq -...

CVSS 9.8 | AI score 9.2 | EPSS 0.00472
Exploits: 1

Tenable Nessus
added 2020/04/20 12:0 a.m. | 30 views

Debian DLA-2178-1 : awl security update

Following CVEs were reported against the awl source package : CVE-2020-11728 An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time and the incrementing session...

CVSS 9.8 | AI score 8 | EPSS 0.00472
Exploits: 1 | References: 4

OpenVAS
added 2020/04/18 12:0 a.m. | 20 views

Debian: Security Advisory (DLA-2178-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 8.7 | EPSS 0.00472
Exploits: 1 | References: 3

Debian
added 2020/04/17 11:48 p.m. | 54 views

[SECURITY] [DLA 2178-1] awl security update

Package : awl Version : 0.55-1+deb8u1 CVE ID : CVE-2020-11728 CVE-2020-11729 Debian Bug : 956650 Following CVEs were reported against the awl source package: CVE-2020-11728 An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently...

CVSS 9.8 | AI score 9 | EPSS 0.00472
Exploits: 1

NVD
added 2020/04/15 4:15 p.m. | 14 views

CVE-2020-11729

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Long-term session cookies, used to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful...

CVSS 9.8 | AI score 9.4 | EPSS 0.00472
Exploits: 1 | References: 4

OSV
added 2020/04/15 4:15 p.m. | 12 views

CVE-2020-11729

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Long-term session cookies, used to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful...

CVSS 9.8 | AI score 6.5
Exploits: 0 | References: 4

OSV
added 2020/04/15 4:15 p.m. | 0 views

DEBIAN-CVE-2020-11728

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time and the incrementing sessionid can impersonate a session...

CVSS 7.5 | AI score 7.8 | EPSS 0.0045
Exploits: 0 | References: 1

OSV
added 2020/04/15 4:15 p.m. | 11 views

CVE-2020-11728

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time and the incrementing sessionid can impersonate a session...

CVSS 7.5 | AI score 9.4
Exploits: 0 | References: 5