27 matches found
EUVD-2019-1040
Malware in sbrugna...
Information disclosure
SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, Illuminator Servlet currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application...
CVE-2019-0267
SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, Illuminator Servlet currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application...
Magento Community Edition 2.1.x < 2.1.2 Multiple Vulnerabilities
Comalatech Comala Workflows 4.6.1 CSRF / XSS Vulnerabilities
Comalatech Comala Workflows versions 4.6.1 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
title: Multiple XSS & XSRF vulnerabilities
product: Comalatech Comala Workflows
vulnerable version: <= 4.6.1
fixed version: 4.6.2 for Confluence 5.4+ and 4.5.4 for...
Ubuntu: Security Advisory (USN-2458-1)
The remote host is missing an update for the...
SeaMonkey < 2.32 Multiple Vulnerabilities
Mozilla Firefox < 35.0 Multiple Vulnerabilities
Firefox < 35.0 Multiple Vulnerabilities (Mac OS X)
The version of Firefox installed on the remote Mac OS X host is prior to 35.0. It is, therefore, affected by the following vulnerabilities:
- Multiple unspecified memory safety issues exist within the browser engine. (CVE-2014-8634, CVE-2014-8635)
- A flaw exists where DOM objects with some specif...
Mozilla Thunderbird < 31.4 Multiple Vulnerabilities
The version of Thunderbird installed on the remote Windows host is prior to 31.4. It is, therefore, affected by the following vulnerabilities:
- Multiple unspecified memory safety issues exist within the browser engine. (CVE-2014-8634, CVE-2014-8635)
- A flaw exists in 'navigator.sendBeacon' in...
Firefox ESR 31.x < 31.4 Multiple Vulnerabilities (Mac OS X)
The version of Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.4. It is, therefore, affected by the following vulnerabilities:
- Multiple unspecified memory safety issues exist within the browser engine. (CVE-2014-8634, CVE-2014-8635)
- A flaw exists in 'navigator.sendBeacon'...
Mozilla Thunderbird < 31.4 Multiple Vulnerabilities (Mac OS X)
The version of Thunderbird installed on the remote Mac OS X host is prior to 31.4. It is, therefore, affected by the following vulnerabilities:
- Multiple unspecified memory safety issues exist within the browser engine. (CVE-2014-8634, CVE-2014-8635)
- A flaw exists in 'navigator.sendBeacon' in...
SeaMonkey < 2.32 Vulnerability
The version of SeaMonkey installed on the remote host is prior to 2.32. It is, therefore, affected by the following vulnerabilities:
- Multiple unspecified memory safety issues exist within the browser engine. (CVE-2014-8634, CVE-2014-8635)
- A flaw exists where DOM objects with some specific...
Firefox ESR 31.x < 31.4 Multiple Vulnerabilities
The version of Firefox ESR 31.x installed on the remote Windows host is prior to 31.4. It is, therefore, affected by the following vulnerabilities:
- Multiple unspecified memory safety issues exist within the browser engine. (CVE-2014-8634, CVE-2014-8635)
- A flaw exists in 'navigator.sendBeacon' ...
Firefox < 35 Multiple Vulnerabilities
The version of Firefox installed on the remote Windows host is prior to 35.0. It is, therefore, affected by the following vulnerabilities:
- Multiple unspecified memory safety issues exist within the browser engine. (CVE-2014-8634, CVE-2014-8635)
- A flaw exists where DOM objects with some specifi...
UserPreferencesResource accepts form encoded data, is vulnerable to XSRF attacks
UserPreferencesResource exposes all data stored in a UserPreferences object, and allows updating it via a POST. This vulnerability needs to be closed before the next deployment...
Atmail Webmail 4.5.1 (4.51) / 5.x < 5.0.3 (5.03) util.pl Cross-Site Request Forgery
According to its version, the Atmail Webmail install on the remote host is 4.5.1 (4.51) or 5.x prior to 5.0.3 (5.03). It is, therefore, potentially affected by an input-validation error in the file 'util.pl' that could allow cross-site request forgery (XSRF) attacks.
Some of the REST resources in Navigator plugin are susceptible to XSRF attacks
Most of the REST resources in the Navigator plugin accept "x-www-form-urlencoded" bodies but do not check for an XSRF token when making mutative changes. For example:
- SaveFilterResource: Allow XSRF attack to change user's filter.
- SuppressedTipsResource
- UserSearchModeResource...