119 matches found
Red Hat Quay Cross-Site Request Forgery Vulnerability
Red Hat Quay is a distributed container image repository from Red Hat, Inc. that is used to build, distribute and deploy containers. A cross-site request forgery vulnerability exists in Red Hat Quay. The vulnerability stems from a WEB application that does not adequately validate that a request i...
DRUPAL-CONTRIB-2019-075
Open Social is a Drupal distribution for online communities. The included social\magic\login module doesn't sufficiently validate magic login URLs for user accounts that do not have a local password, but login via external systems. The lack of validation makes it possible for an adversary to forg...
CyberPanel Cross-Site Request Forgery Vulnerability
CyberPanel is a web hosting control panel with built-in DNS and email servers. A cross-site request forgery vulnerability exists in CyberPanel 1.8.4 and earlier versions. The vulnerability stems from a WEB application that does not adequately validate that a request is coming from a trusted user...
Quadbase Systems EspressReport ES Cross-Site Scripting Vulnerability
Quadbase Systems EspressReport ES ERES is a centralized business intelligence reporting solution from Quadbase Systems, USA. A cross-site scripting vulnerability exists in Quadbase Systems ERES version 7.0 update 7. The vulnerability stems from a lack of proper validation of client-side data by t...
The vulnerability of the Windows Theme API component of the Windows operating system allows a hacker to execute arbitrary code in the context of the current user.
The vulnerability of the Windows Theme API component of the operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, using a specially created file...
GHSA-C7HR-J4MJ-J2W6 Verification Bypass in jsonwebtoken
Versions 4.2.1 and earlier of jsonwebtoken are affected by a verification bypass vulnerability. This is a result of weak validation of the JWT algorithm type, occuring when an attacker is allowed to arbitrarily specify the JWT algorithm. Recommendation Update to version 4.2.2 or later...
Verification Bypass in jsonwebtoken
Versions 4.2.1 and earlier of jsonwebtoken are affected by a verification bypass vulnerability. This is a result of weak validation of the JWT algorithm type, occuring when an attacker is allowed to arbitrarily specify the JWT algorithm. Recommendation Update to version 4.2.2 or later...
Chaturbate: Open redirection at https://chaturbate.com/auth/login/
Hi, Summary An attacker can redirect vicitm on an external website using https://chaturbate.com/auth/login/ endpoint because next parameter is not being validated properly. There is a protection existed but it's weak and can be bypassed. http keyword is detected and protection works if payload...
Cisco NX-OS Arbitrary Command Execution Vulnerability
Cisco NX-OS Software is the United States Cisco Cisco company's set of data center-oriented operating system. An input validation vulnerability exists in the role-based access detection mechanism in Cisco NX-OS Software, which stems from the program's lack of file system validation and input...
Cisco Application Policy Infrastructure Controller Command Injection Vulnerability
The Cisco Application Policy Infrastructure Controller APIC is a controller for automating the management of application-centric infrastructures ACI from Cisco. A command injection vulnerability exists in the system script file in Cisco APIC that stems from the program failing to adequately...
Cross-Site Request Forgery Vulnerability in Multiple Moxa Products
Moxa OnCell G3110-HSPA and so on are products of China Moxa Moxa, of which OnCell G3110-HSPA is an industrial-grade IP gateway and OnCell 5104-HSPA is an industrial-grade cellular router. A cross-site request forgery vulnerability exists in multiple Moxa products that stems from a program failing...
WordPress W3 Total Cache Amazon SNS Push Messages Weak Validation Vulnerability
A vulnerability in the validation of Amazon SNS messages was found in the W3 Total Cache plugin. This issue allows an attacker to perform a variety of actions concerning the server's cache, which may result in a denial of service attack. Version 0.9.4.1 is affected...
WordPress W3 Total Cache Amazon SNS Push Messages Weak Validation
------------------------------------------------------------------------ Weak validation of Amazon SNS push messages in W3 Total Cache WordPress Plugin ------------------------------------------------------------------------ Sipke Mellema, July 2016...
Verification Bypass
Overview Versions 4.2.1 and earlier of jsonwebtoken are affected by a verification bypass vulnerability. This is a result of weak validation of the JWT algorithm type, occuring when an attacker is allowed to arbitrarily specify the JWT algorithm. Recommendation Update to version 4.2.2 or later...
BeeCMS v3.4 后台验证绕过
/includes/fun.php 弱验证导致后台验证绕过 0 v3.4 更新到最新版本...
Simple Machines Forum (SMF) < 1.1.6 Password Reset Vulnerability
Simple Machines Forum SMF is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
vbulletinXSSpasswd.txt
Summary Software: vBulletin Sowtwares Web Site: http://www.vBulletin.com Versions: 3.0.12-3.5.3 Class: Remote Status: Unpatched Exploit: Available Solution: Available Discovered by: imei addmimistrator Risk Level: Mediume -Description- There is a security bug in most powerfull & common...
[SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation
Summary: xoops 2.0.9.2 and below weak file extension validation Description =========== XOOPS is an extensible, OO Object Oriented, easy to use dynamic web content management system written in PHP. XOOPS is the ideal tool for developing small to large dynamic community websites, intra company...
Debian DSA-634-1 : hylafax - weak hostname and username validation
Patrice Fournier discovered a vulnerability in the authorisation subsystem of hylafax, a flexible client/server fax system. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorised access to the fax system. Some installations of hylafax may actually utilise...