Lucene search
K

119 matches found

CNVD
CNVD
added 2020/02/06 12:0 a.m.5 views

Red Hat Quay Cross-Site Request Forgery Vulnerability

Red Hat Quay is a distributed container image repository from Red Hat, Inc. that is used to build, distribute and deploy containers. A cross-site request forgery vulnerability exists in Red Hat Quay. The vulnerability stems from a WEB application that does not adequately validate that a request i...

8.8CVSS6.8AI score0.0044EPSS
Exploits0References1
OSV
OSV
added 2019/11/06 4:10 p.m.4 views

DRUPAL-CONTRIB-2019-075

Open Social is a Drupal distribution for online communities. The included social\magic\login module doesn't sufficiently validate magic login URLs for user accounts that do not have a local password, but login via external systems. The lack of validation makes it possible for an adversary to forg...

6.3AI score
Exploits0References1
CNVD
CNVD
added 2019/07/02 12:0 a.m.3 views

CyberPanel Cross-Site Request Forgery Vulnerability

CyberPanel is a web hosting control panel with built-in DNS and email servers. A cross-site request forgery vulnerability exists in CyberPanel 1.8.4 and earlier versions. The vulnerability stems from a WEB application that does not adequately validate that a request is coming from a trusted user...

8.8CVSS6.8AI score0.00838EPSS
Exploits5References1
CNVD
CNVD
added 2019/06/26 12:0 a.m.3 views

Quadbase Systems EspressReport ES Cross-Site Scripting Vulnerability

Quadbase Systems EspressReport ES ERES is a centralized business intelligence reporting solution from Quadbase Systems, USA. A cross-site scripting vulnerability exists in Quadbase Systems ERES version 7.0 update 7. The vulnerability stems from a lack of proper validation of client-side data by t...

5.4CVSS6.4AI score0.00821EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2019/01/10 12:0 a.m.8 views

The vulnerability of the Windows Theme API component of the Windows operating system allows a hacker to execute arbitrary code in the context of the current user.

The vulnerability of the Windows Theme API component of the operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, using a specially created file...

5.1CVSS7.8AI score0.46406EPSS
Exploits3References4
OSV
OSV
added 2018/10/09 12:38 a.m.22 views

GHSA-C7HR-J4MJ-J2W6 Verification Bypass in jsonwebtoken

Versions 4.2.1 and earlier of jsonwebtoken are affected by a verification bypass vulnerability. This is a result of weak validation of the JWT algorithm type, occuring when an attacker is allowed to arbitrarily specify the JWT algorithm. Recommendation Update to version 4.2.2 or later...

9.8CVSS9.4AI score0.08655EPSS
Exploits3References6
Github Security Blog
Github Security Blog
added 2018/10/09 12:38 a.m.43 views

Verification Bypass in jsonwebtoken

Versions 4.2.1 and earlier of jsonwebtoken are affected by a verification bypass vulnerability. This is a result of weak validation of the JWT algorithm type, occuring when an attacker is allowed to arbitrarily specify the JWT algorithm. Recommendation Update to version 4.2.2 or later...

9.8CVSS8.9AI score0.08655EPSS
Exploits3References6Affected Software1
Hacker One
Hacker One
added 2018/09/20 10:33 a.m.148 views

Chaturbate: Open redirection at https://chaturbate.com/auth/login/

Hi, Summary An attacker can redirect vicitm on an external website using https://chaturbate.com/auth/login/ endpoint because next parameter is not being validated properly. There is a protection existed but it's weak and can be bypassed. http keyword is detected and protection works if payload...

0.3AI score
Exploits0
CNVD
CNVD
added 2018/06/22 12:0 a.m.3 views

Cisco NX-OS Arbitrary Command Execution Vulnerability

Cisco NX-OS Software is the United States Cisco Cisco company's set of data center-oriented operating system. An input validation vulnerability exists in the role-based access detection mechanism in Cisco NX-OS Software, which stems from the program's lack of file system validation and input...

7.8CVSS7.7AI score0.00314EPSS
Exploits0References1
CNVD
CNVD
added 2017/12/04 12:0 a.m.13 views

Cisco Application Policy Infrastructure Controller Command Injection Vulnerability

The Cisco Application Policy Infrastructure Controller APIC is a controller for automating the management of application-centric infrastructures ACI from Cisco. A command injection vulnerability exists in the system script file in Cisco APIC that stems from the program failing to adequately...

7.2CVSS8AI score0.00445EPSS
Exploits0References1
CNVD
CNVD
added 2017/06/02 12:0 a.m.3 views

Cross-Site Request Forgery Vulnerability in Multiple Moxa Products

Moxa OnCell G3110-HSPA and so on are products of China Moxa Moxa, of which OnCell G3110-HSPA is an industrial-grade IP gateway and OnCell 5104-HSPA is an industrial-grade cellular router. A cross-site request forgery vulnerability exists in multiple Moxa products that stems from a program failing...

8.8CVSS7AI score0.00494EPSS
Exploits0References1
0day.today
0day.today
added 2016/11/12 12:0 a.m.32 views

WordPress W3 Total Cache Amazon SNS Push Messages Weak Validation Vulnerability

A vulnerability in the validation of Amazon SNS messages was found in the W3 Total Cache plugin. This issue allows an attacker to perform a variety of actions concerning the server's cache, which may result in a denial of service attack. Version 0.9.4.1 is affected...

6.7AI score
Exploits0
Packet Storm
Packet Storm
added 2016/11/11 12:0 a.m.36 views

WordPress W3 Total Cache Amazon SNS Push Messages Weak Validation

------------------------------------------------------------------------ Weak validation of Amazon SNS push messages in W3 Total Cache WordPress Plugin ------------------------------------------------------------------------ Sipke Mellema, July 2016...

0.1AI score
Exploits0
Node.js
Node.js
added 2015/10/17 7:41 p.m.36 views

Verification Bypass

Overview Versions 4.2.1 and earlier of jsonwebtoken are affected by a verification bypass vulnerability. This is a result of weak validation of the JWT algorithm type, occuring when an attacker is allowed to arbitrarily specify the JWT algorithm. Recommendation Update to version 4.2.2 or later...

7.5CVSS3AI score0.08655EPSS
Exploits3Affected Software1
seebug.org
seebug.org
added 2014/05/10 12:0 a.m.40 views

BeeCMS v3.4 后台验证绕过

/includes/fun.php 弱验证导致后台验证绕过 0 v3.4 更新到最新版本...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2008/09/25 12:0 a.m.27 views

Simple Machines Forum (SMF) < 1.1.6 Password Reset Vulnerability

Simple Machines Forum SMF is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS6.5AI score0.07131EPSS
Exploits2References4
Packet Storm
Packet Storm
added 2006/03/03 12:0 a.m.18 views

vbulletinXSSpasswd.txt

——–Summary——– Software: vBulletin Sowtware’s Web Site: http://www.vBulletin.com Versions: 3.0.12-3.5.3 Class: Remote Status: Unpatched Exploit: Available Solution: Available Discovered by: imei addmimistrator Risk Level: Mediume ——-Description——- There is a security bug in most powerfull & common...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2005/03/09 12:0 a.m.30 views

[SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation

Summary: xoops 2.0.9.2 and below weak file extension validation Description =========== XOOPS is an extensible, OO Object Oriented, easy to use dynamic web content management system written in PHP. XOOPS is the ideal tool for developing small to large dynamic community websites, intra company...

0.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/01/12 12:0 a.m.19 views

Debian DSA-634-1 : hylafax - weak hostname and username validation

Patrice Fournier discovered a vulnerability in the authorisation subsystem of hylafax, a flexible client/server fax system. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorised access to the fax system. Some installations of hylafax may actually utilise...

7.5CVSS5.4AI score0.01779EPSS
Exploits0References2
Rows per page
Query Builder