CVE-2023-2508 (mobility_print_server)
Sept. 20, 2023, 4:15 p.m. | National Vulnerability Database (web.nvd.nist.gov)
unauthenticated attacker to perform a CSRF attack on an instance
administrator to configure the clients host (in the "configure printer
discovery" section). This is possible because the application has no
protections against CSRF attacks, like Anti-CSRF tokens, header origin
validation, samesite cookies, etc.