
70 matches found

OSV
added 2018/11/09 5:49 p.m. | 18 views

GHSA-Q257-VV4P-FG92 Header Forgery in http-signature

Affected versions of http-signature contain a vulnerability which can allow an attacker in a privileged network position to modify header names and change the meaning of the request, without requiring an updated signature. This problem occurs because vulnerable versions of http-signature sign the...

CVSS 7.5 | AI score 7.2 | EPSS 0.00857
Exploits 0 | References 4
Hacker One
added 2018/02/16 3:31 p.m. | 22 views

HackerOne: Can read features from any user

Summary: An attacker can read feature notifications from any user. Just need to change me to userusername:"filedescriptor" in your request to get the features. Steps To Reproduce POST /graphql HTTP/1.1 Host: hackerone.com "query":"query Newfeature \n query \n id,\n ...F0\n \n\nfragment F0 on Quer...

AI score 1.1
Exploits 0
Veracode
added 2017/11/28 8:46 a.m. | 22 views

Authorization Bypass

TeamPass is vulnerable to authorization bypass. The application does not properly check if a user has the proper permissions to access an item, allowing a malicious user to modify or delete multiple attributes of an item by modifying requests sent to the application...

CVSS 8.1 | AI score 7.9 | EPSS 0.01061
Exploits 1 | References 2 | Affected Software 1
Prion
added 2017/09/07 1:29 p.m. | 15 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to mgadmin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely...

CVSS 6.8 | AI score 9.2 | EPSS 0.04135
Exploits 5 | References 3 | Affected Software 1
OSV
added 2017/05/17 9:29 p.m. | 4 views

CVE-2017-4012

Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request...

CVSS 6.5 | AI score 5.8
Exploits 0 | References 2
Prion
added 2017/05/17 9:29 p.m. | 20 views

Session fixation

Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request...

CVSS 6 | AI score 7.5 | EPSS 0.00861
Exploits 0 | References 2 | Affected Software 1
Hacker One
added 2016/11/24 2:57 a.m. | 15 views

Slack: Eavesdropping on private Slack calls

A vulnerability exists in Slack's call functionality that allows a team member to eavesdrop on private ongoing Slack calls by inviting themselves into the conversation without the permission from either participant. By doing so they can eavesdrop on co-workers' private conversations as well as...

AI score 0.7
Exploits 0
securityvulns
added 2008/03/22 12:0 a.m. | 23 views

Microsoft Internet Explorer 7 request modification

Headers manipulation and invalid chunked encoding processing allow response splitting...

AI score 3.2
Exploits 0 | References 2
Cvelist
added 2002/03/09 5:0 a.m. | 18 views

CVE-2001-0995

PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs...

AI score 6.7 | EPSS 0.01588
Exploits 0 | References 4
NVD
added 2001/10/02 4:0 a.m. | 20 views

CVE-2001-1234

Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable...

CVSS 7.5 | AI score 7.8 | EPSS 0.03504
Exploits 1 | References 5