Lucene search

127 matches found

Source: Huntr, added 2021/08/23 7:22 p.m.

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

Description: An attacker is able to change any role with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks it...

AI score: 1.7 | Exploits: 0

Source: Huntr, added 2021/08/20 7:06 a.m.

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

Description: An attacker is able to remove a budgeted amount with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF...

CVSS: 4.3 | AI score: 1.3 | EPSS: 0.00501 | Exploits: 1

Source: Huntr, added 2021/08/17 8:25 p.m.

Cross-Site Request Forgery (CSRF) in admidio/admidio

Description: An attacker is able to delete any Announcements with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF...

AI score: 1.1 | Exploits: 0

Source: Huntr, added 2021/08/17 8:19 p.m.

Cross-Site Request Forgery (CSRF) in admidio/admidio

Description: An attacker is able to delete any album of a user with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF...

AI score: 1 | Exploits: 0

Source: Huntr, added 2021/08/17 2:46 p.m.

Cross-Site Request Forgery (CSRF) in aces/loris

Description: An attacker is able to delete any user with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks it...

AI score: 1.4 | Exploits: 0

Source: Huntr, added 2021/07/24 8:29 a.m.

Cross-Site Request Forgery (CSRF) in ampache/ampache

Description: When you don't set the SameSite attribute of cookies, browsers handle this in a special way. I mean they set a default value on it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request, then your site mor...

AI score: 0.6 | Exploits: 0

Source: Prion, added 2020/10/19 1:15 p.m.

Session fixation

SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim, etc. as long as the victim stays logged in within N-Central. To take...

CVSS: 6.8 | AI score: 8.4 | EPSS: 0.02195 | Exploits: 1 | References: 2 | Affected software: 1

Source: CVE, added 2020/10/19 12:57 p.m.

CVE-2020-15909

SolarWinds N-central up to 2020.1 is described as vulnerable to session hijacking via the JSESSIONID cookie. The JSESSIONID attribute is not validated against multiple sources (e.g., source IP, MFA claims) while the victim remains logged in, allowing an attacker to steal the cookie and reuse it b...

CVSS: 8.8 | AI score: 8.3 | EPSS: 0.02195 | Exploits: 1 | References: 2 | Affected software: 1

Source: OSV, added 2020/07/07 2:15 p.m.

CVE-2020-15574

SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01522 | Exploits: 0 | References: 1

Source: CVE, added 2020/07/07 1:14 p.m.

CVE-2020-15574

CVE-2020-15574 affects SolarWinds Serv-U File Server prior to 15.2.1. The root cause is mishandling of the Same-Site cookie attribute, leading to potential exposure of sensitive information via crafted requests. Multiple sources (NVD, Red Hat advisory, CNVD) confirm the same issue and reference t...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.01522 | Exploits: 0 | References: 1 | Affected software: 1

Source: Packet Storm, added 2020/02/21 12:00 a.m.

D-Link DGS-1250 Header Injection

D-Link DGS-1250 header injection vulnerability. The latest version of this advisory is available at: https://sintonen.fi/advisories/d-link-dgs-1250-header-injection.txt. Overview: the D-Link DGS-1250 switch is susceptible to a header injection...

Exploits: 0

Source: Positive Technologies, added 2019/12/12 12:00 a.m.

PT-2019-13856 · Red Hat · 3Scale

Name of the Vulnerable Software and Affected Versions: 3scale versions prior to 2.6 Description: A vulnerability was found that did not set the HTTPOnly attribute on the user session cookie, allowing an attacker to conduct cross-site scripting attacks and gain access to unauthorized information...

CVSS: 5.4 | AI score: 4.9 | EPSS: 0.00528 | Exploits: 0 | References: 2

Source: RedHat Linux, added 2018/10/01 7:42 p.m.

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ

It was found that the Hawtio console does not set the HTTPOnly or Secure attributes on cookies. An attacker could use this flaw to retrieve an authenticated user's SessionID, and possibly conduct further attacks with the permissions of the authenticated user...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.02204 | Exploits: 0 | References: 4

Source: CVE, added 2018/09/18 2:00 a.m.

CVE-2018-16958

Oracle WebCenter Interaction Portal 10.3.3 is affected. ASP.NET_SessionID cookie used with IIS/ASP.NET is not protected by HttpOnly, and customers cannot enable the attribute. This exposes the cookie to session hijacking if JavaScript runs in the portal origin. No explicit fix/mitigation is provi...

CVSS: 5.8 | AI score: 5.2 | EPSS: 0.00896 | Exploits: 0 | References: 2 | Affected software: 1

Source: Prion, added 2017/10/26 9:29 p.m.

Information disclosure

IBM Tivoli Endpoint Manager IBM BigFix Platform 9.2 and 9.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...

CVSS: 4.3 | AI score: 3.8 | EPSS: 0.01159 | Exploits: 0 | References: 3 | Affected software: 1

Source: Tenable Nessus, added 2017/01/25 12:00 a.m.

FreeBSD : phpMyAdmin -- Multiple vulnerabilities (7721562b-e20a-11e6-b2e2-6805ca0b3d42)

The phpMyAdmin development team reports: open redirect; php-gettext code execution; DoS vulnerability in table editing; CSS injection in themes; cookie attribute injection attack; SSRF in replication; DoS in replication status...

CVSS: 9.8 | AI score: 7 | EPSS: 0.06711 | Exploits: 1 | References: 9

Source: FreeBSD, added 2017/01/24 12:00 a.m.

phpMyAdmin -- Multiple vulnerabilities

The phpMyAdmin development team reports: open redirect; php-gettext code execution; DoS vulnerability in table editing; CSS injection in themes; cookie attribute injection attack; SSRF in replication; DoS in replication status...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.06711 | Exploits: 1 | References: 7

Source: CNVD, added 2016/07/05 12:00 a.m.

phpMyAdmin Injection Attack Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin 4.6.3...

CVSS: 4.3 | AI score: 7.7 | EPSS: 0.01689 | Exploits: 0 | References: 1

Source: NVD, added 2016/07/03 1:59 a.m.

CVE-2016-5702

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHPSELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...

CVSS: 4.3 | AI score: 4.6 | EPSS: 0.01689 | Exploits: 0 | References: 3

Source: Prion, added 2016/07/03 1:59 a.m.

Design/Logic Flaw

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHPSELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...

CVSS: 4.3 | AI score: 7.1 | EPSS: 0.01689 | Exploits: 0 | References: 3 | Affected software: 1