Lucene search
K

4 matches found

Veracode
Veracode
added 2022/06/02 2:32 a.m.21 views

Authentication Bypass

github.com/blevesearch/bleve is vulnerable to authentication bypass. The vulnerability exists due to the missing role-based access control for rest handlers in indexcreate.go and indexdelete.go, allowing an attacker to recursively write and delete any directory in the server by using the same...

6.2CVSS5.7AI score0.00332EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2017/01/18 10:59 p.m.6 views

CVE-2016-3406

Multiple cross-site request forgery CSRF vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving 1 the Client uploader extension or 2 extension REST handlers, aka bugs 104294 and 104456...

8.8CVSS5.8AI score0.00928EPSS
Exploits0References5
NVD
NVD
added 2017/01/18 10:59 p.m.18 views

CVE-2016-3406

Multiple cross-site request forgery CSRF vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving 1 the Client uploader extension or 2 extension REST handlers, aka bugs 104294 and 104456...

8.8CVSS9.1AI score0.00928EPSS
Exploits0References5
Prion
Prion
added 2017/01/18 10:59 p.m.18 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving 1 the Client uploader extension or 2 extension REST handlers, aka bugs 104294 and 104456...

6.8CVSS7.9AI score0.00928EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder