[Forgot Password]
Login  Register Subscribe

24544

 
 

132176

 
 

121239

 
 

909

 
 

98883

 
 

148

 
 
Paid content will be excluded from the download.

Filter
Matches : 116288 Download | Alert*

Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.

Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers.

Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.

Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10325. Reason: This candidate is a reservation duplicate of CVE-2016-10325. Notes: All CVE users should reference CVE-2016-10325 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10326. Reason: This candidate is a reservation duplicate of CVE-2016-10326. Notes: All CVE users should reference CVE-2016-10326 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-7510. Reason: This candidate is a reservation duplicate of CVE-2016-7510. Notes: All CVE users should reference CVE-2016-7510 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1000307. Reason: This candidate is a reservation duplicate of CVE-2016-1000307. Notes: All CVE users should reference CVE-2016-1000307 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, fav_books parameters to ProfileSettings page; (2) note parameter to PersonalNotes Section; (3) closed_msg, description, allowed_types parameters to We ...

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10211. Reason: This candidate is a reservation duplicate of CVE-2016-10211. Notes: All CVE users should reference CVE-2016-10211 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.


Pages:      Start    11183    11184    11185    11186    11187    11188    11189    11190    11191    11192    11193    11194    11195    11196    ..   11628

© SecPod Technologies