5 matches found
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the certificate issuance/auto-certification flows in api/certificate/issue.go and api/sites/autocert.go, and JSON field encryption migration in the internal/migrate. An attacker c...
Linux Distros Unpatched Vulnerability : CVE-2020-8167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A CSRF vulnerability exists in rails = 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. CVE-2020-8167 Note that Nessus...
UBUNTU-CVE-2020-8167
A CSRF vulnerability exists in rails = 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains...
PYSEC-2014-109
OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain...
Windows Gather Enumerate Domain Tokens
This module enumerates domain account tokens, processes running under domain accounts, and domain users in the local Administrators, Users and Backup Operator groups. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...