27 matches found
OpenClaw Security Vulnerability
OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.24 contained security vulnerabilities. These vulnerabilities stemmed from insufficient authorization checks in the /send and /allowlist chat command processors. As a result,...
EUVD-2017-15861
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-6807
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their...
RHEL 7 : mod_auth_mellon (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mod_auth_mellon: Cross-site session transfer vulnerability CVE-2017-6807 - The am_read_post_data function in...
RHEL 7 : mod_auth_mellon (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mod_auth_mellon: Cross-site session transfer vulnerability CVE-2017-6807 - mod_auth_mellon: Open Redirect...
RHEL 6 : mod_auth_mellon (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mod_auth_mellon: open redirect in logout url when using URLs with backslashes CVE-2019-3877 - mod_auth_mellon...
ROS-2-805
2.805 Vulnerability in OpenVPN CVE-2020-11810 1. Vulnerability description: A corrective release of the OpenVPN Virtual Private Networking Package 2.4.9 has been generated. The new version addresses a vulnerability CVE-2020-11810 that allows a client session to be transferred to a new IP address...
ROS-2-1175
2.1175 Vulnerability in OpenVPN CVE-2020-11810 1. Vulnerability description: A corrective release of the OpenVPN 2.4.9 virtual private networking package has been generated. The new version addresses a vulnerability CVE-2020-11810 that allows a client session to be transferred to a new IP address...
Cross-site Session Transfer
mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site...
Ubuntu: Security Advisory (USN-4597-1)
The remote host is missing an update for the...
USN-4597-1: mod_auth_mellon vulnerabilities
François Kooman discovered that mod_auth_mellon incorrectly handled cookies. An attacker could possibly use this issue to cause a Cross-Site Session Transfer attack. CVE-2017-6807 It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to...
Ubuntu 16.04 LTS : mod_auth_mellon vulnerabilities (USN-4597-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4597-1 advisory. François Kooman discovered that mod_auth_mellon incorrectly handled cookies. An attacker could possibly use this issue to cause a Cross-Site Session Transfe...
Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-2388)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-2632)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP3 : mod_auth_mellon (EulerOS-SA-2019-2632)
According to the version of the mod_auth_mellon package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a serv...
EulerOS 2.0 SP2 : mod_auth_mellon (EulerOS-SA-2019-2388)
According to the versions of the mod_auth_mellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a...
Amazon Linux AMI : mod_auth_mellon / mod24_auth_mellon (ALAS-2018-968)
Cross-site session transfer vulnerability : It was found that mod_auth_mellon was vulnerable to a cross-site session transfer attack. An attacker with access to one website on a server could use the same session to get access to a different site running on the same server. CVE-2017-6807 C Tenable...
CVE-2017-6807
It was found that mod_auth_mellon was vulnerable to a cross-site session transfer attack. An attacker with access to one web site on a server could use the same session to get access to a different site running on the same server...
CVE-2017-6807
mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site...
Cross site scripting
mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site...