240 matches found
CVE-2022-47717
The CVE-2022-47717 entry applies to Last Yard software version 22.09.8-1, which is reported to be vulnerable to a Cross-origin resource sharing (CORS) issue. The vulnerability is described as a CORS misconfiguration that could enable cross-origin access, with a CVSSv3.1 base score of 7.5 (High) a...
CVE-2022-47714
Last Yard 22.09.8-1 does not enforce HSTS headers...
CVE-2022-47717
Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing CORS...
PT-2023-15467 · Last Yard · Last Yard
Name of the Vulnerable Software and Affected Versions: Last Yard version 22.09.8-1 Description: The issue allows the cookie to be stolen via unencrypted traffic. Recommendations: For version 22.09.8-1, consider using encrypted traffic to protect against cookie theft until a patch is available...
CVE-2022-47715
In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic...
Last Yard 安全漏洞
Last Yard is a shelf-edge promotional platform from Last Yard Australia. A security vulnerability exists in Last Yard version 22.09.8-1, which stems from the fact that it allows an attacker to enable cross-resource sharing...
PT-2023-15468 · Last Yard · Last Yard
Name of the Vulnerable Software and Affected Versions: Last Yard version 22.09.8-1 Description: The issue concerns Cross-origin resource sharing CORS, which is a security feature that restricts web pages from making requests to a different origin domain, protocol, or port than the one the web pag...
Last Yard 安全漏洞
Last Yard is a shelf-edge promotional platform from Last Yard Australia. A security vulnerability exists in Last Yard version 22.09.8-1, which stems from the unencrypted transmission of its cookies making them accessible to attackers...
CVE-2022-47717
Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing CORS...
CVE-2022-47715
CVE-2022-47715 affects Last Yard 22.09.8-1, where cookies can be stolen over unencrypted traffic. The root cause is lack of encryption exposing cookie confidentiality. Impact is limited to cookie theft; no explicit exploitation details are provided in the primary entry. Remediation guidance in co...
CVE-2022-47714
CVE-2022-47714 affects Last Yard version 22.09.8-1 and is caused by the app not enforcing HSTS headers. According to the CVE entry, the vulnerability has a CVSS v3.1 base score of 9.8 (CRITICAL) with network attack vector, no privileges required, and no user interaction, affecting confidentiality...
CVE-2022-47714
Last Yard 22.09.8-1 does not enforce HSTS headers...
Metasploit Weekly Wrap-Up
New module content 2 Gather Dbeaver Passwords Author: Kali-Team Type: Post Pull request: 17337 contributed by cn-kali-team Description: This adds a post exploit module that retrieves Dbeaver session data from local configuration files. It is able to extract and decrypt credentials stored in these...
yard-booking.com Cross Site Scripting vulnerability OBB-3106929
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
yard-msk.ru Cross Site Scripting vulnerability OBB-3093773
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Yellow Yard Searchbar <= 2.7.27 - Reflected Cross-Site Scripting
The plugin does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting PoC /?searchjob="...
WordPress Yellow Yard Searchbar plugin <= 2.7.27 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Victor Pasman in WordPress Yellow Yard Searchbar plugin versions = 2.7.27. Solution No patched version available...
Yellow Yard Searchbar <= 2.7.27 - Reflected Cross-Site Scripting
The plugin does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting /?searchjob="...
Fedora: Security Advisory for rubygem-yard (FEDORA-2021-7b8b65bc7a)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 34 Update: rubygem-yard-0.9.26-3.fc34
YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...