CVE-2014-3926 (lg)
Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter.
Source: CVE-2014-3926 (lg)
[월:] 2017년 03월
CVE-2014-3926
CVE-2014-3926
Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter.
Source: CVE-2014-3926
CVE-2017-6807 (mod_auth_mellon)
CVE-2017-6807 (mod_auth_mellon)
mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site.
Source: CVE-2017-6807 (mod_auth_mellon)
CVE-2017-6807
CVE-2017-6807
mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site.
Source: CVE-2017-6807
CVE-2015-6671
CVE-2015-6671
Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup.
Source: CVE-2015-6671
CVE-2017-6080 (zammad)
CVE-2017-6080 (zammad)
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie and receive the result.
Source: CVE-2017-6080 (zammad)
CVE-2017-6180 (kk002_ip_camera_firmware)
CVE-2017-6180 (kk002_ip_camera_firmware)
Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vulnerability affecting goform/formChnUserPwd and goform/formUserMng (and the entire set of other pages).
CVE-2017-6081 (zammad)
CVE-2017-6081 (zammad)
A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie.
Source: CVE-2017-6081 (zammad)
CVE-2017-5621 (zammad)
CVE-2017-5621 (zammad)
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API.
Source: CVE-2017-5621 (zammad)
CVE-2017-5619 (zammad)
CVE-2017-5619 (zammad)
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password string.
Source: CVE-2017-5619 (zammad)