4 matches found
Authentication Bypass
github.com/blevesearch/bleve is vulnerable to authentication bypass. The vulnerability exists due to the missing role-based access control for rest handlers in indexcreate.go and indexdelete.go, allowing an attacker to recursively write and delete any directory in the server by using the same...
CVE-2016-3406
Multiple cross-site request forgery CSRF vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving 1 the Client uploader extension or 2 extension REST handlers, aka bugs 104294 and 104456...
CVE-2016-3406
Multiple cross-site request forgery CSRF vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving 1 the Client uploader extension or 2 extension REST handlers, aka bugs 104294 and 104456...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving 1 the Client uploader extension or 2 extension REST handlers, aka bugs 104294 and 104456...