809 matches found
CVE-2024-11274
Removed by vendor...
GitLab 输入验证错误漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from an input validation error vulnerability that stems from th...
PT-2024-9581 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.1 through 17.4.6 GitLab CE/EE versions 17.5 through 17.5.4 GitLab CE/EE versions 17.6 through 17.6.2 Description: An issue was discovered in GitLab CE/EE where the injection of Network Error Logging NEL headers in the...
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the storage of sensitive information in unencrypted form, allowing attackers to gain access to confidential data.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the storage of passwords in an unencrypted form during session data. Exploiting this vulnerability can allow attackers to gain access to confidential information...
CVE-2024-36468
The reported vulnerability is a stack buffer overflow in the zbxsnmpcachehandleengineid function within the Zabbix server/proxy code. This issue occurs when copying data from session-securityEngineID to localrecord.engineid without proper bounds checking...
Incorrect Object Recycling And Re-use
Apache Tomcat is vulnerable to Incorrect object recycling and re-use. The vulnerability is due to flawed object recycling logic in Apache Tomcat's HTTP/2 implementation. Specifically, the request and response objects are not properly cleared or segregated before being reused, allowing data from o...
Cross-site Scripting (XSS)
firebase is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper handling of the "FIREBASEDEFAULTS" cookie, which allows attackers to manipulate the "authTokenSyncURL" field and redirect user session data to a malicious server...
CVE-2024-11023
Firebase JavaScript SDK utilizes a "FIREBASEDEFAULTS" cookie to store configuration data, including an "authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "authTokenSyncURL" to point to thei...
CVE-2024-11023
Firebase JavaScript SDK stores configuration data in a FIREBASE_DEFAULTS cookie, including an _authTokenSyncURL field. Connected sources describe that if an attacker can preset or modify this cookie, they can redirect the token sync URL to a malicious server and capture user session data transmit...
Google Firebase Js Sdk 安全漏洞
Google Firebase Js Sdk is a client-side codebase for connecting to Firebase back-end services from Google, Inc USA. A security vulnerability exists in Google Firebase Js Sdk that stems from the use of a cookie named FIREBASEDEFAULTS to store configuration data, which allows an attacker to capture...
PT-2024-16712 · Google · Firebase Javascript Sdk
Name of the Vulnerable Software and Affected Versions: Firebase JavaScript SDK versions prior to 10.9.0 Description: The Firebase JavaScript SDK utilizes a "FIREBASE DEFAULTS" cookie to store configuration data, including an " authTokenSyncURL" field used for session synchronization. If this cook...
User password is available in memory of the PHP process
None...
Nextcloud 安全漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from a security vulnerability that stems from the fact that under certain circumstances, a user's password is stored in session data in a...
Remitly: [CRITICAL] 0-Click Account Takeover via Password Reset [AUTH-3243] /orchestrator/v1/password_reset/start
The vulnerability discovered allows an attacker to reset the password of a victim's account without requiring any user interaction or special privileges. By intercepting the password reset request and modifying it with the victim's session data, the attacker can successfully take over the account...
PT-2024-9153 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.12 Nextcloud Server versions prior to 29.0.9 Nextcloud Server versions prior to 30.0.2 Description: The issue concerns the storage of user passwords in unencrypted form in session data under certain...
CVE-2024-10287
Cross-Site Scripting XSS vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ForgotPassword, parameter ListName...
LocalServer 跨站脚本漏洞
LocalServer is a web server software for Windows by murdas83 Individual Developer. A cross-site scripting vulnerability exists in LocalServer version 1.0.9, which stems from a cross-site scripting XSS vulnerability that could allow a remote user to send a specially crafted query to an authenticat...
LocalServer 跨站脚本漏洞
LocalServer is a web server software for Windows from the individual developer murdas83. A cross-site scripting vulnerability exists in LocalServer version 1.0.9, which can be exploited to obtain sensitive information from a user session via the to parameter on the /testmail/index.php page...
SOPlanning 跨站脚本漏洞
SOPlanning is a suite of online project management software from SOPlanning, Inc. A cross-site scripting vulnerability exists in SOPlanning versions prior to 1.45 that stems from improper input validation and allows a remote user to send a specially crafted query to steal session details from...
PT-2024-31479 · Nintendo · Mario Kart 8 Deluxe +1
Name of the Vulnerable Software and Affected Versions: Mario Kart 8 Deluxe versions prior to 3.0.3 Description: The issue is caused by a stack-based buffer overflow in the LAN/LDN local multiplayer implementation, allowing a remote attacker to exploit it upon deserialization of session informatio...