
CVSS: 5.3 · EPSS: 0% · CPEs: 1 · EXPL: 0

In NetIQ Sentinel before 8.1.x, a user logged into the Sentinel Web Interface who performs some tasks and then goes idle without logging out triggers an interface timeout that requires re-authentication. If a different user then logs in at that prompt, their credentials are accepted. Although the second user does not inherit any of the first user's privileges, they can view the screen the first user left open. • https://www.netiq.com/support/kb/doc.php?id=7022706 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
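The failure mode above is a re-authentication prompt that accepts any valid credential and then resumes the expired session's view state. The following is an added illustration, not NetIQ code (the advisory does not publish Sentinel's session handling): a minimal in-memory session model with an idle timeout, the flawed re-login beside the fixed one. Class names, the 900-second timeout and the walkthrough timestamps are assumptions; credential verification is omitted.

```php
<?php
// Added example (hypothetical, not NetIQ Sentinel code).
final class WebSession {
    public ?string $user = null;
    public ?string $lastScreen = null;   // view the user was on when the timeout hit
    public int $lastActivity = 0;
    public bool $locked = false;         // timed out; re-authentication required
}

final class SessionManager {
    private const IDLE_TIMEOUT = 900;    // seconds (assumed value)
    private WebSession $s;

    public function __construct() { $this->s = new WebSession(); }

    // Fresh session: nothing from a previous principal survives.
    public function login(string $user, int $now): void {
        $this->s = new WebSession();
        $this->s->user = $user;
        $this->s->lastActivity = $now;
    }

    public function view(string $screen, int $now): void {
        $this->lockIfIdle($now);
        if ($this->s->locked) {
            throw new RuntimeException('re-authentication required');
        }
        $this->s->lastScreen = $screen;
        $this->s->lastActivity = $now;
    }

    private function lockIfIdle(int $now): void {
        if ($this->s->user !== null && $now - $this->s->lastActivity > self::IDLE_TIMEOUT) {
            $this->s->locked = true;
        }
    }

    // Vulnerable: any authenticated principal unlocks the existing session,
    // so whoever logs in at the prompt is shown the previous user's screen.
    public function reauthenticateVulnerable(string $user, int $now): ?string {
        $this->s->locked = false;
        $this->s->user = $user;
        $this->s->lastActivity = $now;
        return $this->s->lastScreen;
    }

    // Fixed: only the principal that owns the locked session may resume it;
    // anyone else gets a brand-new session and no prior view state.
    // In a real deployment also rotate the session identifier here
    // (session_regenerate_id(true)) so the old cookie cannot be replayed.
    public function reauthenticate(string $user, int $now): ?string {
        if ($user !== $this->s->user) {
            $this->login($user, $now);
            return null;
        }
        $this->s->locked = false;
        $this->s->lastActivity = $now;
        return $this->s->lastScreen;
    }
}

// Walkthrough of the advisory's scenario (constructed timestamps).
function scenario(bool $vulnerable): ?string {
    $m = new SessionManager();
    $m->login('alice', 0);
    $m->view('/events/incident-42', 10);
    try {
        $m->view('/dashboard', 1000);      // alice has been idle past the timeout
    } catch (RuntimeException $e) {
        // the interface now shows the re-authentication prompt
    }
    // bob walks by and logs in at the prompt
    return $vulnerable ? $m->reauthenticateVulnerable('bob', 1001)
                       : $m->reauthenticate('bob', 1001);
}

printf("vulnerable: bob sees %s\n", var_export(scenario(true), true));  // '/events/incident-42'
printf("fixed:      bob sees %s\n", var_export(scenario(false), true)); // NULL
```

The check that matters is the identity comparison on re-login: a timeout lock is a pause of one principal's session, not a generic login screen, so a different principal must start from a clean session rather than inherit the rendered state.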

CVSS: 8.8 · EPSS: 0% · CPEs: 2 · EXPL: 0

Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots. The WordPress Sentinel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing nonce validation on several functions. This makes it possible for unauthenticated attackers to perform administrative actions like modifying the plugin's settings via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. • http://osvdb.org/77778 http://plugins.trac.wordpress.org/changeset?reponame=&new=475315%40wordpress-sentinel&old=474998%40wordpress-sentinel http://secunia.com/advisories/47020 http://wordpress.org/extend/plugins/wordpress-sentinel/changelog http://www.boiteaweb.fr/wordpress-sentinel-v1-0-0-3104.html http://www.securityfocus.com/bid/51089 https://exchange.xforce.ibmcloud.com/vulnerabilities/71857 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1 · EPSS: 0% · CPEs: 2 · EXPL: 0

Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors. • http://osvdb.org/77777 http://plugins.trac.wordpress.org/changeset?reponame=&new=475315%40wordpress-sentinel&old=474998%40wordpress-sentinel http://secunia.com/advisories/47020 http://wordpress.org/extend/plugins/wordpress-sentinel/changelog http://www.boiteaweb.fr/wordpress-sentinel-v1-0-0-3104.html http://www.securityfocus.com/bid/51089 https://exchange.xforce.ibmcloud.com/vulnerabilities/71854 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8 · EPSS: 0% · CPEs: 2 · EXPL: 0

SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. • http://osvdb.org/77779 http://plugins.trac.wordpress.org/changeset?reponame=&new=475315%40wordpress-sentinel&old=474998%40wordpress-sentinel http://wordpress.org/extend/plugins/wordpress-sentinel/changelog http://www.boiteaweb.fr/wordpress-sentinel-v1-0-0-3104.html http://www.securityfocus.com/bid/51089 https://exchange.xforce.ibmcloud.com/vulnerabilities/71858 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
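The three Sentinel plugin entries above (CSRF in the snapshot action, XSS and SQL injection via unspecified vectors) are the classic trio of a WordPress admin handler with no nonce, no output encoding and string-built SQL. The following is an added illustration, not the plugin's code (the advisories do not publish the affected parameters): a hypothetical "take snapshot" handler in its flawed form beside the hardened form using the WordPress APIs a reviewer would expect. The function names, the `sentinel_snapshots` table, the `snapshot_label` field and the nonce action name are assumptions.

```php
<?php
// Added example (hypothetical handler, not code from the WordPress Sentinel plugin).

// --- Vulnerable form --------------------------------------------------------
function sentinel_handle_snapshot_vulnerable() {
    global $wpdb;
    if ( ! isset( $_POST['snapshot_label'] ) ) {
        return;
    }
    // CWE-352: no nonce and no capability check. A form on an attacker's site
    // auto-submitted by a logged-in administrator runs this unconditionally.
    $label = $_POST['snapshot_label'];

    // CWE-89: request data concatenated straight into the statement.
    $wpdb->query( "INSERT INTO {$wpdb->prefix}sentinel_snapshots (label) VALUES ('" . $label . "')" );

    // CWE-79: the same value reflected into the page without encoding.
    echo '<div class="updated">Snapshot "' . $label . '" saved.</div>';
}

// --- Hardened form ----------------------------------------------------------
function sentinel_handle_snapshot() {
    global $wpdb;
    if ( ! isset( $_POST['snapshot_label'] ) ) {
        return;
    }
    // CWE-352 fix, part 1: the request must carry a nonce minted for this
    // exact action; check_admin_referer() dies on a missing or stale nonce.
    check_admin_referer( 'sentinel_take_snapshot', 'sentinel_nonce' );
    // Part 2: a nonce proves intent, not authorization. A nonce minted for a
    // subscriber is still a valid nonce, so check the capability separately.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient privileges.', 'sentinel' ), 403 );
    }

    $label = sanitize_text_field( wp_unslash( $_POST['snapshot_label'] ) );

    // CWE-89 fix: parameterised query. %s is quoted and escaped by prepare(),
    // so it is written without surrounding quotes. The table prefix is not
    // user input and may be interpolated.
    $wpdb->query( $wpdb->prepare(
        "INSERT INTO {$wpdb->prefix}sentinel_snapshots (label) VALUES (%s)",
        $label
    ) );

    // CWE-79 fix: encode for the HTML context at the point of output, even
    // though the value was sanitised on input; the two are different controls.
    echo '<div class="updated">Snapshot "' . esc_html( $label ) . '" saved.</div>';
}

// The form that posts to the hardened handler must emit the matching nonce
// field; a forged cross-site form cannot know its current value.
function sentinel_render_snapshot_form() {
    echo '<form method="post">';
    wp_nonce_field( 'sentinel_take_snapshot', 'sentinel_nonce' );
    echo '<input type="text" name="snapshot_label" value="">';
    submit_button( __( 'Take snapshot', 'sentinel' ) );
    echo '</form>';
}
```

Two things to verify in a review of any such handler: that the nonce action string in `wp_nonce_field()` and `check_admin_referer()` are identical (a mismatch fails every legitimate request, which is how missing-nonce code usually gets "fixed" by removing the check), and that output encoding is chosen per context, `esc_attr()` inside attributes, `esc_url()` for hrefs, `esc_html()` for element content.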