Lucene search
K

240 matches found

CVE
CVE
added 2023/02/01 12:0 a.m.49 views

CVE-2022-47717

The CVE-2022-47717 entry applies to Last Yard software version 22.09.8-1, which is reported to be vulnerable to a Cross-origin resource sharing (CORS) issue. The vulnerability is described as a CORS misconfiguration that could enable cross-origin access, with a CVSSv3.1 base score of 7.5 (High) a...

7.5CVSS7.5AI score0.00735EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/01 12:0 a.m.12 views

CVE-2022-47714

Last Yard 22.09.8-1 does not enforce HSTS headers...

9.5AI score0.00607EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/02/01 12:0 a.m.7 views

CVE-2022-47717

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing CORS...

7.5AI score0.00735EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/02/01 12:0 a.m.6 views

PT-2023-15467 · Last Yard · Last Yard

Name of the Vulnerable Software and Affected Versions: Last Yard version 22.09.8-1 Description: The issue allows the cookie to be stolen via unencrypted traffic. Recommendations: For version 22.09.8-1, consider using encrypted traffic to protect against cookie theft until a patch is available...

5.3CVSS5.2AI score0.00394EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/02/01 12:0 a.m.33 views

CVE-2022-47715

In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic...

5.6AI score0.00394EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/02/01 12:0 a.m.4 views

Last Yard 安全漏洞

Last Yard is a shelf-edge promotional platform from Last Yard Australia. A security vulnerability exists in Last Yard version 22.09.8-1, which stems from the fact that it allows an attacker to enable cross-resource sharing...

7.5CVSS7.3AI score0.00735EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/02/01 12:0 a.m.6 views

PT-2023-15468 · Last Yard · Last Yard

Name of the Vulnerable Software and Affected Versions: Last Yard version 22.09.8-1 Description: The issue concerns Cross-origin resource sharing CORS, which is a security feature that restricts web pages from making requests to a different origin domain, protocol, or port than the one the web pag...

7.5CVSS7.5AI score0.00735EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/02/01 12:0 a.m.6 views

Last Yard 安全漏洞

Last Yard is a shelf-edge promotional platform from Last Yard Australia. A security vulnerability exists in Last Yard version 22.09.8-1, which stems from the unencrypted transmission of its cookies making them accessible to attackers...

5.3CVSS5.7AI score0.00394EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/02/01 12:0 a.m.31 views

CVE-2022-47717

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing CORS...

7.7AI score0.00735EPSS
Exploits1References1
CVE
CVE
added 2023/02/01 12:0 a.m.47 views

CVE-2022-47715

CVE-2022-47715 affects Last Yard 22.09.8-1, where cookies can be stolen over unencrypted traffic. The root cause is lack of encryption exposing cookie confidentiality. Impact is limited to cookie theft; no explicit exploitation details are provided in the primary entry. Remediation guidance in co...

5.3CVSS5.3AI score0.00394EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/02/01 12:0 a.m.50 views

CVE-2022-47714

CVE-2022-47714 affects Last Yard version 22.09.8-1 and is caused by the app not enforcing HSTS headers. According to the CVE entry, the vulnerability has a CVSS v3.1 base score of 9.8 (CRITICAL) with network attack vector, no privileges required, and no user interaction, affecting confidentiality...

9.8CVSS9.3AI score0.00607EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/02/01 12:0 a.m.28 views

CVE-2022-47714

Last Yard 22.09.8-1 does not enforce HSTS headers...

9.7AI score0.00607EPSS
Exploits1References1
Rapid7 Blog
Rapid7 Blog
added 2023/01/13 5:50 p.m.21 views

Metasploit Weekly Wrap-Up

New module content 2 Gather Dbeaver Passwords Author: Kali-Team Type: Post Pull request: 17337 contributed by cn-kali-team Description: This adds a post exploit module that retrieves Dbeaver session data from local configuration files. It is able to extract and decrypt credentials stored in these...

0.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/12/18 10:2 a.m.17 views

yard-booking.com Cross Site Scripting vulnerability OBB-3106929

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/12/10 4:5 p.m.15 views

yard-msk.ru Cross Site Scripting vulnerability OBB-3093773

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
WPVulnDB
WPVulnDB
added 2022/07/01 12:0 a.m.15 views

Yellow Yard Searchbar <= 2.7.27 - Reflected Cross-Site Scripting

The plugin does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting PoC /?searchjob="...

2.5AI score0.00486EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2022/07/01 12:0 a.m.27 views

WordPress Yellow Yard Searchbar plugin <= 2.7.27 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Victor Pasman in WordPress Yellow Yard Searchbar plugin versions = 2.7.27. Solution No patched version available...

3AI score0.00486EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2022/07/01 12:0 a.m.141 views

Yellow Yard Searchbar <= 2.7.27 - Reflected Cross-Site Scripting

The plugin does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting /?searchjob="...

2.7AI score0.00486EPSS
Exploits2
OpenVAS
OpenVAS
added 2021/04/25 12:0 a.m.25 views

Fedora: Security Advisory for rubygem-yard (FEDORA-2021-7b8b65bc7a)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.7AI score0.05061EPSS
Exploits0References2
Fedora
Fedora
added 2021/04/24 8:20 p.m.72 views

[SECURITY] Fedora 34 Update: rubygem-yard-0.9.26-3.fc34

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

7.5CVSS0.8AI score0.05061EPSS
Exploits0
Rows per page
Query Builder