Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lasso vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-0050
Lasso 2.2.1 and previous versions does not properly check the return value from the OpenSSL DSA_verify function, which allows remote malicious users to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
Entrouvert Lasso
Entrouvert Lasso 2.0.0-1
Entrouvert Lasso 1.9.9.0
NA
CVE-2005-2605
Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 allows malicious users to bypass authentication, related to [Auth] tags.
Omnipilot Software Lasso Professional Server 8.0.4
Omnipilot Software Lasso Professional Server 8.0.5
NA
CVE-1999-1250
Vulnerability in CGI program in the Lasso application by Blue World, as used on WebSTAR and other servers, allows remote malicious users to read arbitrary files.
Blue World Communications Lasso Cgi
NA
CVE-2002-2118
Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows remote malicious users to cause a denial of service via a long URL.
Blue World Communications Lasso Web Data Engine 3.6.5
7.5
CVSSv3
CVE-2021-28091
Lasso all versions before 2.7.0 has improper verification of a cryptographic signature.
Entrouvert Lasso
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
1 Github repository
8.8
CVSSv3
CVE-2023-45606
Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs plugin <= 120 versions.
Getlasso Simple Urls
6.1
CVSSv3
CVE-2023-40667
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lasso Simple URLs plugin <= 117 versions.
Getlasso Simple Urls
NA
CVE-2012-6426
LemonLDAP::NG prior to 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote malicious users to bypass intended access-control restrictions via crafted SAML data.
Lemonldap-ng Lemonldap\\ \\
5.4
CVSSv3
CVE-2023-40674
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lasso Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management allows Stored XSS.This issue affects Simple URLs – Link Cloaking, Product...
Getlasso Simple Urls
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started