Lucene search
K

34 matches found

Positive Technologies
Positive Technologies
added 2024/05/09 12:0 a.m.4 views

PT-2024-25811 · Unknown · Cmsaasstarter

Name of the Vulnerable Software and Affected Versions: CMSaaSStarter versions prior to commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 Description: The issue concerns the verification of the user JWT Token on the server session. Recommendations: For versions prior to commit...

6.5CVSS6.8AI score0.00292EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/10/26 12:0 a.m.7 views

CVE-2022-2782

In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters...

9.2AI score0.0053EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/05/05 7:7 p.m.32 views

CVE-2021-31409 Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19

Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 Vaadin versions 8.0.0 through 8.12.4 allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses...

7.5CVSS7.6AI score0.01672EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/04/23 4:7 p.m.43 views

CVE-2021-31408 Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

6.3CVSS7AI score0.00322EPSS
Exploits0References2
OSV
OSV
added 2021/04/22 4:11 p.m.1 views

GHSA-6HGR-2G6Q-3RMC Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

6.3CVSS5.9AI score0.00322EPSS
Exploits0References5
OSV
OSV
added 2021/04/22 4:11 p.m.21 views

GHSA-MR8H-J9CV-4M8H Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

6.3CVSS6.7AI score0.00322EPSS
Exploits0References4
VMware
VMware
added 2020/10/20 12:0 a.m.113 views

VMware ESXi, Workstation, Fusion and NSX-T updates address multiple security vulnerabilities (CVE-2020-3981, CVE-2020-3982, CVE-2020-3992, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995)

3a. ESXi OpenSLP remote code execution vulnerability CVE-2020-3992 OpenSLP as used in ESXi has a use-after-free issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. 3b. NSX-T MITM vulnerability CVE-2020-3993 VMware...

10CVSS7.8AI score0.83015EPSS
Exploits2References31Affected Software8
Tenable Nessus
Tenable Nessus
added 2018/06/05 12:0 a.m.11 views

TuyaUS Server Session Initiation Detection via HTTP (deprecated)

Binary data 700264.prm...

7.3AI score
Exploits0References1
OSV
OSV
added 2016/09/24 10:59 a.m.3 views

CVE-2016-6532

DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXISDATA SQL Server session...

9.8CVSS5.9AI score0.03266EPSS
Exploits0References2
Prion
Prion
added 2016/09/24 10:59 a.m.15 views

Hardcoded credentials

DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXISDATA SQL Server session...

10CVSS7.9AI score0.03266EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2015/09/17 12:0 a.m.2 views

Multiple Cross-Site Scripting Vulnerabilities in Ignite Realtime Openfire

Ignite Realtime Openfire formerly known as Wildfire is the IgniteRealtime community of a Java development and based on XMPP formerly known as Jabber, Instant Messaging Protocol cross-platform open-source real-time collaboration RTC server , it can build a high-efficiency instant messaging servers...

4.3CVSS5AI score0.07998EPSS
Exploits2References1
NVD
NVD
added 2015/09/16 7:59 p.m.17 views

CVE-2015-6972

Multiple cross-site scripting XSS vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the 1 groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the 2 urlName parameter to plugins/clientcontrol/create-bookmark.jsp;...

4.3CVSS5.7AI score0.07998EPSS
Exploits2References4
Prion
Prion
added 2015/02/11 3:0 a.m.16 views

Privilege escalation

Microsoft System Center Virtual Machine Manager VMM 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine administrative privileges by establishing a server session with Active Directory credentials, aka "Virtual Machi...

6.9CVSS6.8AI score0.01642EPSS
Exploits0References5Affected Software1
securityvulns
securityvulns
added 2004/09/28 12:0 a.m.46 views

[SA12638] Macromedia JRun Server Multiple Vulnerabilities

TITLE: Macromedia JRun Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA12638 VERIFY ADVISORY: http://secunia.com/advisories/12638/ CRITICAL: Moderately critical IMPACT: Hijacking, Cross Site Scripting, Exposure of sensitive information, DoS WHERE: From remote SOFTWARE: Macromedia Jrun 4.x...

0.6AI score
Exploits0
Rows per page
Query Builder