34 matches found
PT-2024-25811 · Unknown · Cmsaasstarter
Name of the Vulnerable Software and Affected Versions: CMSaaSStarter versions prior to commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 Description: The issue concerns the verification of the user JWT Token on the server session. Recommendations: For versions prior to commit...
CVE-2022-2782
In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters...
CVE-2021-31409 Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 Vaadin versions 8.0.0 through 8.12.4 allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses...
CVE-2021-31408 Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...
GHSA-6HGR-2G6Q-3RMC Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...
GHSA-MR8H-J9CV-4M8H Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...
VMware ESXi, Workstation, Fusion and NSX-T updates address multiple security vulnerabilities (CVE-2020-3981, CVE-2020-3982, CVE-2020-3992, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995)
3a. ESXi OpenSLP remote code execution vulnerability CVE-2020-3992 OpenSLP as used in ESXi has a use-after-free issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. 3b. NSX-T MITM vulnerability CVE-2020-3993 VMware...
TuyaUS Server Session Initiation Detection via HTTP (deprecated)
Binary data 700264.prm...
CVE-2016-6532
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXISDATA SQL Server session...
Hardcoded credentials
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXISDATA SQL Server session...
Multiple Cross-Site Scripting Vulnerabilities in Ignite Realtime Openfire
Ignite Realtime Openfire formerly known as Wildfire is the IgniteRealtime community of a Java development and based on XMPP formerly known as Jabber, Instant Messaging Protocol cross-platform open-source real-time collaboration RTC server , it can build a high-efficiency instant messaging servers...
CVE-2015-6972
Multiple cross-site scripting XSS vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the 1 groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the 2 urlName parameter to plugins/clientcontrol/create-bookmark.jsp;...
Privilege escalation
Microsoft System Center Virtual Machine Manager VMM 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine administrative privileges by establishing a server session with Active Directory credentials, aka "Virtual Machi...
[SA12638] Macromedia JRun Server Multiple Vulnerabilities
TITLE: Macromedia JRun Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA12638 VERIFY ADVISORY: http://secunia.com/advisories/12638/ CRITICAL: Moderately critical IMPACT: Hijacking, Cross Site Scripting, Exposure of sensitive information, DoS WHERE: From remote SOFTWARE: Macromedia Jrun 4.x...