4 matches found
GHSA-CMM3-54F8-PX4J Netty's Default QUIC token handler accepts any client-supplied token
NoQuicTokenHandler is the tokenHandler used when the application does not set one. Its writeToken returns false server will not send Retry — acceptable, but validateToken unconditionally return 0. In QuicheQuicServerCodec.handlePacket, a non-negative return from validateToken is interpreted as...
corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol UDP packet. This can lead to an out-of-bounds read, causing a denial of service...
UBUNTU-CVE-2020-15400
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS...
Joomla! 1.5.x - 'Token' Remote Admin Change Password
Joomla 1.5.x Remote Admin Password Change Author: d3m0n [email protected] Greets: GregStar, gorion, d3d!k Polish "hackers" used this bug to deface turkish sites BUAHAHHA nice 0-day pff File : /components/comuser/controller.php Line : 379-399 function confirmreset // Check for request forgeries...