14 matches found
EUVD-2012-2694
Malware in sbrugna...
EUVD-2012-2693
Malware in sbrugna...
CVE-2012-2714
The BrowserID Mozilla Persona module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier...
Authentication flaw
The BrowserID Mozilla Persona module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier...
CVE-2012-2714
The BrowserID Mozilla Persona module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier...
CVE-2012-2714
The CVE-2012-2714 entry concerns the Drupal BrowserID (Mozilla Persona) module for Drupal 7.x-1.x, vulnerable before 7.x-1.3. The underlying issue is insufficient validation of authentication requests, allowing remote attackers to hijack arbitrary user authentication via the audience identifier. ...
CVE-2012-2713
Cross-site request forgery CSRF vulnerability in the BrowserID Mozilla Persona module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the BrowserID Mozilla Persona module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site...
CVE-2012-2713
The Drupal 7.x BrowserID (Mozilla Persona) module (7.x-1.x) is affected by a CSRF vulnerability that could allow an attacker to hijack a user’s authentication when logging into another site. The issue arises from insufficient validation of authentication requests. It is fixed in BrowserID 7.x-1.3...
CVE-2012-2713
Cross-site request forgery CSRF vulnerability in the BrowserID Mozilla Persona module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site...
Drupal ‘BrowserID’ 跨站请求伪造漏洞和安全绕过漏洞
Drupal是一款开源CMS,可以作为各种网站的内容管理平台。 Drupal的BrowserID(Mozilla Persona)模块中存在跨站请求伪造漏洞和安全绕过漏洞。 攻击者可利用这些漏洞绕过安全限制进而获取敏感信息,或者执行未授权操作,获取对受影响应用程序的访问,这可能导致进一步的攻击。 BrowserID(Mozilla Persona) 7.x-1.3之前的7.x-1.x版本中存在这些漏洞。 0 7.x-1.x 厂商解决方案 目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: http://drupal.org/node/1597414...
SA-CONTRIB-2012-085 - BrowserID - Multiple Vulnerabilities
CSRF Issue: CVE: CVE-2012-2713 BrowserID login theft: CVE: CVE-2012-2714 The BrowserID module provides integration with BrowserID also known as Mozilla Persona -- a Mozilla project that lets users of your site quickly and easily log in without needing to remember a password specific to your site...
Mozilla Releases BrowserID Web Authentication System
Mozilla has released a new browser-based federated login mechanism called BrowserID that is designed to replace the login process on Web sites that requires users to supply an email and password. The experimental system relies on the Verified Email protocol and also works on other browsers,...
CVE-2010-0642
Cisco Collaboration Server CCS 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by 1 changing .jhtml to %2Ejhtml, 2 changing .jhtml to .jhtm%6C, 3 appending %00 after .jhtml, and 4 appending %c0%80 after .jhtml,...