Emails Found in the Viewstate

Home/Alerts/Alert detail/

Risk:
Medium

Type:
Passive

CWE:
CWE-642

Summary: The following emails were found being serialized in the viewstate field:

Solution: Verify the provided information isn't confidential.

Other info: []

Top Security News

New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

Hackers now use AppDomain Injection to drop CobaltStrike beacons

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

Download: CIS Critical Security Controls v8.1

Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

Common Alerts

InformationalUsername Hash Found

InformationalSession Management Response Identified

HighServer Side Request Forgery

MediumRelative Path Confusion

InformationalContent-Type Header Missing

InformationalSplit Viewstate in Use

HighSQL Injection - Oracle

HighGeneric Padding Oracle

HighPath Traversal

LowInsufficient Site Isolation Against Spectre Vulnerability

Latest CVE List

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

CVE-2024-49039 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

CVE-2024-43451 Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

Common CWEs

CWE-393 Return of Wrong Status Code

MediumCWE-780 Use of RSA Algorithm without OAEP

CWE-766 Critical Data Element Declared Public

CWE-580 clone() Method Without super.clone()

CWE-477 Use of Obsolete Function

CWE-223 Omission of Security-relevant Information

CWE-1109 Use of Same Variable for Multiple Purposes

CWE-1262 Improper Access Control for Register Interface

HighCWE-676 Use of Potentially Dangerous Function

CWE-1116 Inaccurate Comments

Free security scan for your website

Don't show website scan report rating on the leaderboard