Lucene search
K

152 matches found

CVE
CVE
added 2016/09/21 1:0 a.m.54 views

CVE-2016-0903

EMC Avamar Server (ADS/AVE) before 7.3.0-233 uses client-side authentication, allowing remote attackers to spoof clients and read backup data via a modified agent. Affected: Avamar Data Store and Avamar Virtual Edition. Impact: read-backup data. Remediation: upgrade to 7.3.0-233 or later as docum...

9.1CVSS8.8AI score0.03449EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/07 12:0 a.m.5 views

The vulnerability of the Zyxel ZLD operating system, which allows a malicious individual to trigger a service failure.

The Web interface of the Zyxel ZyWALL USG 300 network switch/router contains a vulnerability related to authentication on the client side. This allows a malicious individual to obtain device administrator privileges by manipulating the “IsAdmin” parameter...

8.3CVSS5.5AI score
Exploits0References3
CNVD
CNVD
added 2016/03/30 12:0 a.m.6 views

B.A.S C2Box Security Bypass Vulnerability

B.A.S C2Box is a financial management solution for managing domestic and cross-border payment processes from B.A.S France. A security vulnerability exists in B.A.S C2Box 4.0.0 r19171 and prior versions, which stems from a failure to protect server-side code when performing authentication on the...

7.5CVSS7.2AI score0.01442EPSS
Exploits2References1
Hacker One
Hacker One
added 2016/03/17 7:0 a.m.13 views

Gratipay: auto-logout after 20 minutes

Hi, Session is not getting expired even after keeping the application idle for 20 min and after browser closure. Information: JavaScript code can be used by the web application in all or critical pages to automatically logout client sessions after the idle timeout expires, for example, by...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2015/10/15 12:0 a.m.23 views

Mageia: Security Advisory (MGASA-2015-0283)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS4.5AI score0.01715EPSS
Exploits0References8
CNVD
CNVD
added 2015/09/02 12:0 a.m.5 views

Basware Banking Denial of Service Vulnerability

Basware Banking Maksuliikenne is a suite of software from the Finnish company Basware that establishes connections with banks to manage their own finances. A security vulnerability exists in Basware Banking version 8.90.07 and earlier, which arises from the program's reliance on the client to...

4.3CVSS6.8AI score0.01121EPSS
Exploits0References1
OSV
OSV
added 2015/07/27 5:18 p.m.8 views

MGASA-2015-0282 Updated wesnoth packages fix security vulnerability

Toom Lõhmus discovered that the Lua API and preprocessor in the Battle for Wesnoth game up to version 1.12.2 included could lead to client-side authentication information disclosure using maliciously crafted files with the .pdb extension CVE-2015-5069, CVE-2015-5070. This issue has been fixed usi...

4.3CVSS4AI score0.01715EPSS
Exploits0References6
Mageia
Mageia
added 2015/07/27 5:18 p.m.38 views

Updated wesnoth packages fix security vulnerability

Toom Lõhmus discovered that the Lua API and preprocessor in the Battle for Wesnoth game up to version 1.12.2 included could lead to client-side authentication information disclosure using maliciously crafted files with the .pdb extension CVE-2015-5069, CVE-2015-5070. This issue has been fixed usi...

4.3CVSS5AI score0.01715EPSS
Exploits0References5
Mageia
Mageia
added 2015/07/27 5:18 p.m.36 views

Updated wesnoth packages fix security vulnerability

Toom Lõhmus discovered that the Lua API and preprocessor in the Battle for Wesnoth game up to version 1.12.2 included could lead to client-side authentication information disclosure using maliciously crafted files with the .pdb extension CVE-2015-5069, CVE-2015-5070. This issue has been fixed in...

4.3CVSS5.1AI score0.01715EPSS
Exploits0References6
NVD
NVD
added 2015/07/26 6:59 p.m.20 views

CVE-2015-2847

Honeywell Tuxedo Touch before 5.2.19.0VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream...

5CVSS6.9AI score0.02373EPSS
Exploits0References1
CVE
CVE
added 2015/07/26 6:0 p.m.47 views

CVE-2015-2847

Honeywell Tuxedo Touch Controller (prior to 5.2.19.0_VA) is affected by CVE-2015-2847 due to client-side authentication performed in JavaScript. By intercepting and dropping USERACCT=… requests from the client-server data stream, a remote attacker can bypass authentication and access restricted p...

5CVSS7.2AI score0.02373EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2009/02/13 5:30 p.m.13 views

CVE-2009-0216

GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module...

10CVSS7AI score0.02984EPSS
Exploits0References5
Rows per page
Query Builder