Lucene search
K

826 matches found

Debian
Debian
added 2018/07/16 9:2 p.m.25 views

[SECURITY] [DSA 4247-1] ruby-rack-protection security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4247-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 16, 2018 https://www.debian.org/security/faq -...

5.9CVSS6AI score0.02489EPSS
Exploits0
OpenVAS
OpenVAS
added 2018/07/15 12:0 a.m.39 views

Debian: Security Advisory (DSA-4247-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.1AI score0.02489EPSS
Exploits0References4
CVE
CVE
added 2018/05/15 8:0 p.m.65 views

CVE-2018-1262

The CVE-2018-1262 issue affects Cloud Foundry Foundation UAA (versions 4.12.x and 4.13.x). The root cause is a feature that allowed privilege escalation across identity zones when offline token validation is performed, enabling a zone administrator to configure tokens impersonating another zone a...

7.2CVSS7AI score0.01339EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2017/10/25 12:0 a.m.4 views

OctoberCMS Cross-Site Request Forgery Vulnerability

OctoberCMS is an open source, self-hosted content management system CMS built on the Laravel PHP framework developed by Canadian software developer Alexey Bobkov and Australian software developer Samuel Georges. A cross-site request forgery vulnerability exists in OctoberCMS version 1.0.426 a.k.a...

8.8CVSS7AI score0.01976EPSS
Exploits5References1
Hacker One
Hacker One
added 2017/10/06 9:3 p.m.99 views

WakaTime: password token validation

Hello, when I reset password all tokens are valid can be used, should keep valid only token in the last request or you can invalidate all reset links after using one of the requests successfully. Steps: 1 go to the password reset page and request more than one request. 2 go to your email and use...

1AI score
Exploits0
Hacker One
Hacker One
added 2017/10/03 7:32 a.m.19 views

Paragon Initiative Enterprises: CSRF token does not valided during blog comment

SUMMURY ================= i tested that all post request has CSRF token. During Author profile creation also a CSRF token is posted. Now when i removed this CSRF token , show s error like bellow CSRF validation failed 0 /var/www/csprng/src/Cabin/Bridge/Controller/Author.php52:...

7.1AI score
Exploits0
Veracode
Veracode
added 2017/09/12 8:54 a.m.9 views

Cross-Site Request Forgery(CSRF)

drupal/core is vulnerable to cross-site request forgery CSRF attacks. The library does not carry out form token validation early enough, allowing attackers to run the file upload value callbacks with untrusted input...

6.8AI score
Exploits0
CNVD
CNVD
added 2017/08/30 12:0 a.m.5 views

SimpleSAMLphp Invalid Token Creation and Validation Vulnerability

SimpleSAMLphp is a set of PHP authentication applications that implement the SAML 2.0 service provider and identity provider functionality . A security vulnerability exists in SimpleSAMLphp 1.14.14 and earlier versions of SimpleSAMLAuthTimeLimitedToken. An attacker can exploit the vulnerability t...

5.9CVSS6.1AI score0.0125EPSS
Exploits0References1
Hacker One
Hacker One
added 2017/06/30 3:11 a.m.28 views

WakaTime: Password token validation in https://wakatime.com/

Hi team, I noticed that when requesting multiple reset links at https://wakatime.com/resetpassword/ all tokens are valid and can be used. In numerous applications the following policy is adopted as an additional security measure: keep valid only that token with shorter lifetime last requested or...

7.3AI score
Exploits0
Hacker One
Hacker One
added 2017/06/27 9:10 p.m.17 views

Weblate: Password token validation in Weblate Bypass

Hi, This is a bypass of the fix on 229987. I could confirm that old link still works. Though you would need to use 2 browsers to pull this off Reproduction Steps 1. In Browser1, request a password reset - Load link sent to your email in the same browser - Request another password reset in Browser...

7.2AI score
Exploits0
CNVD
CNVD
added 2017/06/12 12:0 a.m.3 views

CSRF Vulnerability in Cicada CMS 6.2

Cicada Knowledge Enterprise Portal System is an open source and free enterprise portal system. CSRF vulnerability exists in Cicada Knowledge cms version 6.2. The vulnerability stems from the lack of token validation on the background page of Cicada Knowledge cms, which leads to the triggering of...

7AI score
Exploits0
CNVD
CNVD
added 2017/04/27 12:0 a.m.3 views

Cross-site scripting and cross-site request forgery vulnerabilities in metinfo

metinfo cms is an enterprise website management system with PHP Mysql architecture. There are cross-site scripting and cross-site request forgery vulnerabilities in metinfo. metinfocms "background settings-basic information-third-party code" form does not have token validation and effective...

6.1AI score
Exploits0
Hacker One
Hacker One
added 2017/04/14 6:25 p.m.55 views

Nextcloud: CSRF token validation is missing

Greetings, Hello Security Team, Summary I know this is a medium risk issue but i want you guys to be aware of it that the CSRF token validation is missing at the time of login on https://portal.nextcloud.com/login.php login page. PoC Code: Email Password Login Now Forgot Password? var tabs = '';...

0.7AI score
Exploits0
CNVD
CNVD
added 2017/04/07 12:0 a.m.4 views

CSRF Cross-site Request Forgery Vulnerability at Add Administrator of Rice Shell Enterprise Website Builder 2016 Official Version

Rice Shell Enterprise Building System is an enterprise building and content management system. CSRF cross-site request forgery vulnerability exists in Rice Shell Enterprise Website Builder System 2016 Official VersionAdd Administrator. As the packet of the add administrator operation is not token...

6.9AI score
Exploits0
CNVD
CNVD
added 2017/03/30 12:0 a.m.2 views

YXcmsApp V1.4.3 'uninstall()' Function Has Cross-Site Request Forgery Vulnerability

Yxcms is an enterprise building system based on PHP and mysql technology. A cross-site request forgery vulnerability exists in the YXcmsApp V1.4.3 'uninstall' function. Due to the lack of HTTP Referer or token validation, an attacker can exploit the vulnerability to uninstall the system's...

7AI score
Exploits0
CNVD
CNVD
added 2016/12/24 12:0 a.m.1 views

CSRF vulnerability in icms backend

iCMS is an efficient content management system for small and medium-sized websites. A csrf vulnerability exists in the latest version of iCMS. Because the token is not validated in the /app/admincp/account.app.php dosave operation, an attacker can modify the administrator account password by...

7.1AI score
Exploits0
OSV
OSV
added 2016/07/04 10:59 p.m.7 views

CVE-2016-4430

Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery CSRF attacks via unspecified vectors...

8.8CVSS8.7AI score0.03801EPSS
Exploits0References8
Prion
Prion
added 2016/07/04 10:59 p.m.21 views

Cross site request forgery (csrf)

Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery CSRF attacks via unspecified vectors...

6.8CVSS7.2AI score0.03801EPSS
Exploits0References8Affected Software1
CNVD
CNVD
added 2016/06/16 12:0 a.m.6 views

Apache Struts2 Remote Code Execution Vulnerability (CNVD-2016-04092)

Apache Struts is the United States Apache Apache Software Foundation is responsible for maintaining an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2...

8.8CVSS9.7AI score0.03801EPSS
Exploits0References1
Hacker One
Hacker One
added 2016/02/05 3:7 a.m.301 views

New Relic: A Log in page does not properly validate the authenticity token at the server side

Description: POST /login?returnto=%2Foauthprovider%2Fauthorize%3Fresponsetype%3Dcode%26clientid%3D%252BvB2dkv4yOb37C00ACk%252B6A%253D%253D%26redirecturi%3Dhttps%253A%252F%252Frpm.newrelic.com%252Fauth%252Fnewrelic%252Fcallback%26state%3D2ea541fcd18aa27925ad8977848536106cbaf1bbb4611f90 HTTP/1.1...

7AI score
Exploits0
Rows per page
Query Builder