Lucene search
K

321 matches found

Prion
Prion
added 2021/02/09 7:15 p.m.22 views

Cross site request forgery (csrf)

The CSRF Cross Site Request Forgery token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version 10.6...

4.3CVSS4.5AI score0.00461EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2021/01/28 9:21 p.m.14 views

GitLab: Responsible Disclosure of Privacy Leakage Issue

Greetings, I am Mojtaba Zaheri, a doctoral candidate in Computer Science, affiliated with the NJIT Cybersecurity Research Center. Together with my doctoral dissertation advisor, Prof. Reza Curtmola, we are reaching out to perform responsible disclosure of a vulnerability present on the GitLab...

6.2AI score
Exploits0
OSV
OSV
added 2021/01/26 6:16 p.m.4 views

CVE-2021-3297

On Zyxel NBG2105 V1.00AAGU.2C0 devices, setting the login cookie to 1 provides administrator access...

7.8CVSS7.1AI score
Exploits0References4
OSV
OSV
added 2021/01/07 1:15 p.m.14 views

CVE-2020-26768

Formstone =1.4.16 is vulnerable to a Reflected Cross-Site Scripting XSS vulnerability caused by improper validation of user supplied input in the upload-target.php and upload-chunked.php files. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in...

6.1CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added 2021/01/07 12:43 p.m.22 views

CVE-2020-26768

Formstone =1.4.16 is vulnerable to a Reflected Cross-Site Scripting XSS vulnerability caused by improper validation of user supplied input in the upload-target.php and upload-chunked.php files. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in...

6.1AI score0.01224EPSS
Exploits0References1
CNVD
CNVD
added 2020/09/22 12:0 a.m.2 views

Gradle Enterprise Cross-Site Scripting Vulnerability (CNVD-2020-53324)

Gradle is a set of JVM-based project build tools , it supports maven, Ivy repository and so on. A cross-site scripting vulnerability exists in Gradle Enterprise. The vulnerability stems from the ability to obtain authentication via the /info/headers, /cache-info/headers, /admin-info/headers,...

7.5CVSS6.4AI score0.01677EPSS
Exploits0References1
Zero Science Lab
Zero Science Lab
added 2020/08/13 12:0 a.m.199 views

QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Cookie User Password Disclosure

Summary Digital Signage Software. Description The application suffers from a cleartext transmission/storage of sensitive information in a cookie. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack. QiHang Media Web QH.aspx Digital...

8.6CVSS5.8AI score0.0028EPSS
Exploits1
VulnCheck KEV
VulnCheck KEV
added 2020/02/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-9995

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin"...

9.8CVSS7.3AI score0.83151EPSS
Exploits13References1
CNVD
CNVD
added 2019/12/09 12:0 a.m.8 views

Multiple Weidmueller Product Information Disclosure Vulnerabilities

Weidmueller IE-SW-VL05M-5TX and so on are an industrial Ethernet switch from Weidmueller, Germany. An information disclosure vulnerability exists in multiple Weidmueller products, which can be exploited by an attacker to guess the authentication information in a cookie...

9.8CVSS6.6AI score0.01873EPSS
Exploits0References1
OSV
OSV
added 2019/12/06 6:15 p.m.3 views

CVE-2019-16674

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network...

9.8CVSS7.3AI score0.01873EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2019/10/01 12:0 a.m.6 views

The vulnerability of the DBUS_COOKIE_SHA1 function in the D-Bus library of the process-interaction system allows a perpetrator to compromise data integrity or gain unauthorized access to protected information.

The vulnerability of the DBUSCOOKIESHA1 function in the D-Bus library related to deficiencies in authentication mechanisms. Exploiting this vulnerability could allow an attacker to compromise data integrity by replacing the uid value or gaining unauthorized access to protected information by usin...

7.1CVSS5.5AI score0.00555EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2019/07/30 8:47 p.m.18 views

GHSA-J3JP-GVR5-7HWQ python-engineio vulnerable to Cross-Site Request Forgery (CSRF)

WebSocket cross-origin vulnerability Impact This is a Cross-Site Request Forgery CSRF vulnerability. It affects Socket.IO and Engine.IO web servers that authenticate clients using cookies. Patches python-engineio version 3.9.0 patches this vulnerability by adding server-side Origin header checks...

8.8CVSS8.8AI score0.00828EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2019/07/15 12:0 a.m.10 views

PT-2019-4805 · Python · Python-Engineio

Name of the Vulnerable Software and Affected Versions: python-engineio versions 3.8.2 and earlier Description: The issue is related to a Cross-Site WebSocket Hijacking CSWSH vulnerability, also referred to as a Cross-Site Request Forgery CSRF vulnerability. This vulnerability allows attackers to...

9.8CVSS6.7AI score0.64284EPSS
Exploits7References161
OSV
OSV
added 2019/06/12 2:50 p.m.9 views

USN-4015-2 dbus vulnerability

USN-4015-1 fixed a vulnerability in DBus. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Joe Vennix discovered that DBus incorrectly handled DBUSCOOKIESHA1 authentication. A local attacker could possibly use this issue to bypass...

7.1CVSS7.1AI score0.00555EPSS
Exploits0References2
Symantec
Symantec
added 2019/04/09 12:0 a.m.23 views

Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability

Description Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...

6.5AI score0.02419EPSS
Exploits0Affected Software2
CNVD
CNVD
added 2018/11/21 12:0 a.m.1 views

Unauthorized Access Vulnerability in nzcms

Jinhua Ningzhi Network Technology Co., Ltd. is / government agencies / public security agencies / military agencies / school institutions / business companies / e-commerce office platform construction technology and service providers. Unauthorized access vulnerability exists in nzcms. The...

7.4AI score
Exploits0
OSV
OSV
added 2018/10/19 10:29 p.m.5 views

CVE-2018-12666

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255...

9.8CVSS5.8AI score0.01825EPSS
Exploits1References1
CNVD
CNVD
added 2018/10/19 12:0 a.m.3 views

Adobe Experience Manager HTML Injection Vulnerability (CNVD-2019-06893)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. An HTM...

6.1CVSS6.6AI score0.01944EPSS
Exploits0References1
OSV
OSV
added 2018/10/10 9:29 p.m.5 views

CVE-2018-12455

Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie...

8.1CVSS5.8AI score0.05867EPSS
Exploits3References1
CNVD
CNVD
added 2018/06/15 12:0 a.m.5 views

Nes has an unspecified vulnerability

Nes is a WebSocket adapter plugin for hapi routing. A security vulnerability exists in Nes 6.4.0 and earlier versions. When websocket authentication is set to 'cookie', an attacker can exploit the vulnerability by submitting an invalid cookie to shut down the node process...

5.9CVSS5.8AI score0.01901EPSS
Exploits0References1
Rows per page
Query Builder