Tenable Nessus 5.2.7 Parameter Tampering / Authentication Bypass

Product: Nessus Vendor: Tenable Network Security‎ Version: Nessus 5.2.3-5.2.7 - Web UI 2.3.4 potentially lower Vendor Notified Date: June 24, 2014 Vendor Resolved Date: June 25, 2014 Release Date: July 18, 2014 Risk: Medium Authentication: Not Required Remote: Yes Description: A parameter tamperi...

CVE-2013-1402 - DigiLIBE Management Console - Execution After Redirect (EAR) Vulnerability

Product: DigiLIBE Management Console Vendor: Digitiliti Version: 3.4 - ? Tested Version: 3.4 Vendor Notified Date: October 09, 2012 Release Date: January 18, 2013 Risk: High Authentication: None required Remote: Yes Description: Execution After Redirect vulnerabilities exist in DigiLIBE Managemen...

Nexpose Security Console - Cross-Site Request Forgery

Nexpose Security Console - Cross-Site Request Forgery Product: Nexpose Security Console Vendor: Rapid7 Version: //document.forms0.submit; //uncomment to auto-submit /code 2. Lure victim to http://attackersite.com/nexpose-csrf.htm. 3. Site with ID 1 is deleted when form is submitted. V...

CVE-2012-6493 - Nexpose Security Console - Cross-Site Request Forgery (CSRF)

Product: Nexpose Security Console Vendor: Rapid7 Version: 5.5.3 Tested Version: 5.5.1 Vendor Notified Date: December 19, 2012 Release Date: January 2, 2013 Risk: High Authentication: None required Remote: Yes Description: Multiple Cross-Site Request Forgery CSRF vulnerabilities in Nexpose Securit...

[CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities

Product: Confluence Vendor: Atlassian Version: 3.0 / Current Tested Version: 3.4.6 Vendor Notified Date: June 31, 2011 Release Date: September 19, 2012 Risk: Medium Authentication: Depends on configuration. Remote: Yes Description: Multiple Cross-Site Request Forgery CSRF vulnerabilities in...