Sensio Labs Symfony Cross-Site Request Forgery Vulnerability
Sensio Labs Symfony is a free PHP development framework from the French company Sensio Labs, based on the MVC architecture. The framework provides commonly used functional components and tools that can be used to quickly build complex web applications. A cross-site request forgery vulnerability exists in Sensi...
WSD-T13 Cloud Storage Camera (Android Client) Unauthorized Access Vulnerability
Ltd. is an enterprise specializing in the research and development, production, sales and service of security monitoring products. The WSD-T13 Cloud Storage Camera Android client suffers from an unauthorized (privilege overstepping) access vulnerability. The vulnerability is due to the server's handling of client request data...
Traq Cross-Site Request Forgery Vulnerability
Traq is a PHP-based project management and issue tracking system. Traq suffers from a cross-site request forgery vulnerability that arises from the web application not adequately validating that a request comes from a trusted user. An attacker could use this vulnerability to send...
The vulnerability of the Cisco Data Center Network Manager system arises from errors in checking user requests in the management interface. This allows attackers to disclose or modify sensitive information that is protected by the system.
The vulnerability of the Cisco Data Center Network Manager system relates to errors in checking user requests in the management interface. Exploiting this vulnerability can allow a malicious actor to disclose or modify sensitive information...
The vulnerability in Cisco Enterprise NFV Infrastructure Software lies in errors in the checking of HTTP requests in the management interface, which allows attackers to perform cross-site request forgery.
The vulnerability in Cisco Enterprise NFV Infrastructure Software-related software lies in the improper checking of HTTP requests in the management interface. Exploiting this vulnerability allows a remote attacker to perform cross-site request forgery...
SAP ERP HCM SAP Fiori Cross-Site Request Forgery Vulnerability
SAP ERP HCM is an enterprise human resource management solution from SAP of Germany; SAP Fiori is the product's front-end development framework. A cross-site request forgery vulnerability exists in SAP Fiori version 1.0 for SAP ERP HCM, which arises from an application that fails to...
CVE-2018-8844
Philips e-Alert Unit non-medical device, Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request...
CVE-2018-1791
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID:...
CVE-2018-2439
CVE-2018-2439 refers to the SAP Internet Graphics Server (IGS) affecting versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. The issue is insufficient input validation in multiple IGS components (HTTP and RFC listener, portwatcher registration with the multiplexer, and the multiplexer itself), which can al...
CVE-2018-2439
The SAP Internet Graphics Server (IGS), versions 7.20, 7.20EXT, 7.45, 7.49 and 7.53, has insufficient request validation: for example, where a request is checked for authenticity and validity, under certain conditions it will still process invalid requests. Several areas of the SAP Internet Graphics Server IGS d...
Local Privilege Escalation in Management Web Interface
A vulnerability exists in the Management web interface that could allow local privilege escalation. The Management web interface does not properly validate specific request parameters, which can potentially allow deletion of files in the system. Ref. PAN-90954; CVE-2018-9242 Successful exploitati...
The vulnerability of the NmAPI.exe executable of the WhatsUp Gold network infrastructure monitoring system allows a perpetrator to gain unauthorized access to the WhatsUp Gold system or execute remote commands.
The vulnerability of the NmAPI.exe executable of the WhatsUp Gold network infrastructure monitoring system is related to insufficient checking of incoming requests. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to the WhatsUp Gold system, disclose sensitive...
CVE-2018-0299
A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco NX-OS on the Cisco Nexus 4000 Series Switch could allow an authenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to...
Apache httpd mod_cache_socache Denial of Service (CVE-2018-1303)
A denial-of-service vulnerability exists in Apache httpd. The vulnerability is due to improper validation of the headers in HTTP requests...
Analysis of RCE in spring-security-oauth2 (CVE-2018-1260)
Vulnerability announcement. Environment setup. Use the existing demo on GitHub: git clone https://github.com/wanghongfei/spring-security-oauth2-example.git Make sure the imported spring-security-oauth2 is an affected version; here 2.0.10 is used as the example. Enter spring-security-oauth2-example and modify line 67 of cn/com/sina/alan/oauth/config/OAuthSecurityConfig.java: @Override public void...
Microsoft ASP.NET Core Remote Elevation of Privilege Vulnerability
Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation of the USA. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An elevation of privilege vulnerability exists in Microsoft ASP.NET Core version 2.0, which...
Rapid7 Nexpose Cross-Site Request Forgery Vulnerability
Rapid7 Nexpose is a suite of vulnerability management software from Rapid7 USA that can synthesize different scans to deeply probe a network. The software proactively scans configuration environments for errors, vulnerabilities, malware and provides guidance to reduce risk. A security vulnerabili...
CVE-2017-11932
Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability"...
Cross-site scripting
A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link...