Page 7 of 76 results (0.008 seconds)

CVSS: 5.0EPSS: 0%CPEs: 159EXPL: 0

CVE-2015-3148 – curl: Negotiate not treated as connection-oriented

https://notcve.org/view.php?id=CVE-2015-3148

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. cURL y libcurl 7.10.6 hasta la versión 7.41.0 no reutiliza adecuadamente la conexiones Negotiate autenticadas, lo que permite a atacantes remotos conectarse como otros usuarios a través de una solicitud. It was discovered that libcurl could incorrectly reuse Negotiate authenticated HTTP connections for subsequent requests. If an application using libcurl established a Negotiate authenticated HTTP connection to a server and sent subsequent requests with different credentials, the connection could be re-used with the initial set of credentials instead of using the new ones. • http://advisories.mageia.org/MGASA-2015-0179.html http://curl.haxx.se/docs/adv_20150422B.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html http://lists.fedoraproject.org • CWE-284: Improper Access Control CWE-287: Improper Authentication •

CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2014-7874

https://notcve.org/view.php?id=CVE-2014-7874

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de CSRF en HP System Management Homepage (SMH) anterior a 3.2.3 en HP-UX B.11.23, y anterior a 3.2.8 en HP-UX B.11.31, permite a atacantes remotos secuestrar la autenticación de victimas no especificadas a través de vectores desconocidos. • http://secunia.com/advisories/60945 http://www.securitytracker.com/id/1031050 https://exchange.xforce.ibmcloud.com/vulnerabilities/97024 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04476799 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 26%CPEs: 5EXPL: 0

CVE-2014-2640

https://notcve.org/view.php?id=CVE-2014-2640

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en HP System Management Homepage (SMH) anterior a 7.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.kb.cert.org/vuls/id/125228 http://www.securitytracker.com/id/1030960 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04463322 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0

CVE-2014-2641

https://notcve.org/view.php?id=CVE-2014-2641

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de CSRF en HP System Management Homepage (SMH) anterior a 7.4 permite a usuarios remotos autenticados secuestrar la autenticaciíon de victimas no especificadas a través de vectores desconocidos. • http://www.securitytracker.com/id/1030960 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04463322 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 1%CPEs: 5EXPL: 0

CVE-2014-2642

https://notcve.org/view.php?id=CVE-2014-2642

HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors. HP System Management Homepage (SMH) anterior a 7.4 permite a atacantes remotos realizar ataques de clickjacking a través de vectores no especificados. • http://www.securitytracker.com/id/1030960 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04463322 • CWE-20: Improper Input Validation •