Lucene search
K

536 matches found

Atlassian
Atlassian
added 2015/12/01 10:36 a.m.32 views

Log forging vulnerability

It is possible to fake log entries in FishEye/Crucible logs, by sending specially crafted http requests containing a newline character. For example going to the url /changelog/asd%0AFake%20log%20entry will cause the following to be logged: code 2015-03-24 09:59:09,564 INFO qtp1610928748-315 fishe...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/12/01 10:36 a.m.20 views

Log forging vulnerability

It is possible to fake log entries in FishEye/Crucible logs, by sending specially crafted http requests containing a newline character. For example going to the url /changelog/asd%0AFake%20log%20entry will cause the following to be logged: code 2015-03-24 09:59:09,564 INFO qtp1610928748-315 fishe...

1.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2015/09/08 12:0 a.m.7 views

The vulnerability of the Mac OS X operating system, which allows a hacker to manipulate timestamps

The vulnerability of the Mac OS X operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to forge timestamps due to errors in restricting access to the date and time settings panel...

2.1CVSS7.2AI score0.00339EPSS
Exploits0References3Affected Software1
seebug.org
seebug.org
added 2015/07/06 12:0 a.m.23 views

ThinkSNS 4.0 一处设计缺陷(可伪造任意人发朋友圈)

简要描述: 通常用于诈骗! 详细说明: 官方的demo已经是4.0,可惜下不到源码 翻来看看ThinkSNS 3.0的源码,发现一处严重的设计缺陷 apps\public\Lib\Action\AccountAction.class.php 下doSaveProfile方法为保存用户信息操作 / 保存基本信息操作 @return json 返回操作后的JSON信息数据 / public function doSaveProfile $res = true; // 保存用户表信息 if!empty$POST'sex' $save'sex' = 1 == intval$POST'sex' ?...

7AI score
Exploits0
Atlassian
Atlassian
added 2015/03/24 9:0 a.m.32 views

Log forging vulnerability

It is possible to fake log entries in FishEye/Crucible logs, by sending specially crafted http requests containing a newline character. For example going to the url /changelog/asd%0AFake%20log%20entry will cause the following to be logged: code 2015-03-24 09:59:09,564 INFO qtp1610928748-315 fishe...

1.1AI score
Exploits0
Atlassian
Atlassian
added 2015/03/24 9:0 a.m.26 views

Log forging vulnerability

It is possible to fake log entries in FishEye/Crucible logs, by sending specially crafted http requests containing a newline character. For example going to the url /changelog/asd%0AFake%20log%20entry will cause the following to be logged: code 2015-03-24 09:59:09,564 INFO qtp1610928748-315 fishe...

1.1AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/02/11 12:0 a.m.29 views

Ubuntu 14.04 LTS : Kerberos vulnerabilities (USN-2498-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2498-1 advisory. It was discovered that Kerberos incorrectly sent old keys in response to a -randkey -keepold request. An authenticated remote attacker could use this iss...

9CVSS7.6AI score0.06213EPSS
Exploits0References8
OSV
OSV
added 2015/01/21 10:7 a.m.7 views

SUSE-SU-2015:0290-1 Security update for krb5

MIT kerberos krb5 was updated to fix several security issues and bugs. Security issues fixed: CVE-2014-5351: The kadm5randkeyprincipal3 function in lib/kadm5/srv/svrprincipal.c in kadmind in MIT Kerberos 5 aka krb5 sent old keys in a response to a -randkey -keepold request, which allowed remote...

9CVSS6.6AI score0.06213EPSS
Exploits0References9
seebug.org
seebug.org
added 2014/12/04 12:0 a.m.39 views

KesionCMS最新版本可伪造任何人发表评论

简要描述: KesionCMS最新版本可伪造任何人发表评论 详细说明: 1.首先登陆官网的一个demo http://demo.kesioncms.com 2.随便找一条贴子发表评论 这里就找到了管理员更新的一篇文章 url:http://demo.kesion.com/html/xwpd/gn/2629.html 3.发表评论.得到请求的url...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2014/11/24 8:46 p.m.6 views

CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix

It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name CN field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...

5.8CVSS6.7AI score0.09149EPSS
Exploits1References4
CVE
CVE
added 2014/10/10 1:0 a.m.93 views

CVE-2014-5351

CVE-2014-5351 affects MIT Kerberos 5 (krb5) kadmind: the kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c sends old keys in response to a -randkey -keepold request, enabling remote authenticated users to forge tickets by leveraging administrative access. Affected: krb5

2.1CVSS6AI score0.02616EPSS
Exploits0References15Affected Software1
OpenVAS
OpenVAS
added 2014/10/01 12:0 a.m.12 views

openSUSE: Security Advisory for mozilla-nss (openSUSE-SU-2014:1232-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.1617EPSS
Exploits0References1
OSV
OSV
added 2014/09/24 7:35 p.m.3 views

USN-2360-2 thunderbird vulnerabilities

USN-2360-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Original advisory details: Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates...

7.5CVSS6.8AI score0.1617EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2014/08/13 6:18 p.m.7 views

CFME: AgentController get/log application log forging

It was found that the get and log methods of the AgentController wrote log messages without sanitizing user input. A remote attacker could use this flaw to insert arbitrary content into the log files written to by AgentController...

5CVSS5.9AI score0.01567EPSS
Exploits0References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.39 views

HFS HTTP File Server 1.5/2.x Multiple Security Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/27423/info HFS HTTP File Server is prone to multiple security vulnerabilities, including cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a denial-of-service issue, a...

10CVSS6.5AI score0.03568EPSS
Exploits11
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.18 views

openSUSE Security Update : icecast (openSUSE-SU-2012:0352-1)

Icecast didn't strip newlines from log entries, therefore allowing uses to forge log entries. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-153. The text description of this...

5CVSS5.3AI score0.02199EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/06/05 12:0 a.m.1255 views

OpenSSL 'ChangeCipherSpec' MiTM Potential Vulnerability

The OpenSSL service on the remote host is potentially vulnerable to a man-in-the-middle MiTM attack, based on its response to two consecutive 'ChangeCipherSpec' messages during the incorrect phase of an SSL/TLS handshake. This flaw could allow a MiTM attacker to decrypt or forge SSL messages by...

7.4CVSS8.3AI score0.99977EPSS
Exploits14References10
OpenVAS
OpenVAS
added 2013/12/30 12:0 a.m.24 views

SuSE Update for Fixes openSUSE-SU-2013:1952-1 (Fixes)

Check for the Version of Fixes OpenVAS Vulnerability Test $Id: gbsuse201319521.nasl 8466 2018-01-19 06:58:30Z teissa $ SuSE Update for Fixes openSUSE-SU-2013:1952-1 Fixes Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is...

7.2CVSS6.4AI score0.00481EPSS
Exploits1References1
Prion
Prion
added 2013/09/05 11:44 a.m.15 views

Design/Logic Flaw

The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated b...

3.5CVSS6.7AI score0.01382EPSS
Exploits5References1Affected Software1
Cvelist
Cvelist
added 2013/09/05 10:0 a.m.25 views

CVE-2013-1648

The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated b...

6.2AI score0.01382EPSS
Exploits5References1
Rows per page
Query Builder