102 matches found
Cross site scripting
An XSS issue was discovered in Thycotic Secret Server before 10.7 issue 2 of 2...
CVE-2019-18357
An XSS issue was discovered in Thycotic Secret Server before 10.7 issue 2 of 2...
CVE-2019-18357
CVE-2019-18357 affects Thycotic Secret Server prior to 10.7. The issue is a cross-site scripting vulnerability in the web application caused by insufficient validation of client-side data, enabling potential injection of arbitrary scripts. Impact per sources indicates no confidentiality impact, b...
CVE-2019-18356
Thycotic Secret Server (
CVE-2019-18356
An XSS issue was discovered in Thycotic Secret Server before 10.7 issue 1 of 2...
CVE-2019-18355
Thycotic Secret Server’s legacy Web launcher contains an SSRF vulnerability (CVE-2019-18355) in versions before 10.7. Connected sources corroborate that an SSRF issue affects the legacy Web launcher, with no public exploit details provided in the documents. The CVSS metrics indicate high to criti...
CVE-2019-18355
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7...
Google Warns of Android Zero-Day Bug Under Active Attack
Google is warning of an Android zero-day flaw actively being exploited in the wild, which gives an attacker full control over 18 phone models including its flagship Pixel handset and devices made by Samsung, Huawei and Xiaomi. Google’s Project Zero warned late Thursday that it suspected the...
Microsoft Blacklists Dozens of New File Extensions in Outlook
Microsoft is banning almost 40 new types of file extensions on its Outlook email platform. The aim is to protect email users from what it deems “at-risk” file attachments, which are typically sent with malicious scripts or executables. The move will prevent users from downloading email attachment...
Cisco Patches 13 High-Severity Router and Switch Bugs
Cisco Systems released patches for 29 bugs Wednesday that addressed flaws in a wide range of its products including routers and switches running the IOS XE networking software. Thirteen of the vulnerabilities revealed are rated high severity. The bulk of the high-severity vulnerabilities are tied...
Thycotic Secret Server Credentials Disclosure Vulnerability
The Remote Desktop Launcher in Thycotic Secret Server does not properly cleanup a temporary file that contains an encrypted password once a session has ended. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Thycotic Secret Server Remote Desktop Launcher Remote Desktop Launch Vulnerability
Thycotic Secret Server is a suite of password protection software from Thycotic, Inc. Remote Desktop Launcher is one of the remote desktop launchers. A security vulnerability exists in Remote Desktop Launcher in versions of Thycotic Secret Server prior to 8.6.000010, which stems from the program...
CVE-2014-4861
The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended...
Default credentials
The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended...
CVE-2014-4861
CVE-2014-4861 affects Thycotic Secret Server’s Remote Desktop Launcher, where a temporary file containing an encrypted password is not properly cleaned up after a session ends. This could expose credentials if the file persists. Affected: Secret Server prior to 8.6.000010. Root cause: inadequate ...
CVE-2014-4861
The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended...
Thycotic Secret Server Open Redirect Vulnerability
Thycotic Secret Server is a set of password protection software from the American company Thycotic. An open redirection vulnerability exists in the share function in versions of Thycotic Secret Server prior to 10.2.000019. A remote attacker could exploit this vulnerability to redirect users to...
Thycotic Secret Server Redirect Vulnerability
The share function in Thycotic Secret Server mishandles the Back Button, leading to unintended redirections. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Thycotic Secret Server Detection
Detection of Thycotic Secret Server. The script sends a connection request to the server and attempts to detect Thycotic Secret Server and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...
CVE-2017-11725
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections...