364 matches found
CVE-2022-48469
There is a traffic hijacking vulnerability in Huawei routers. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers...
CVE-2022-33722
Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address...
CVE-2021-41553
In ARCHIBUS Web Central 21.3.3.815 a version from 2014, the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user. It was therefore possible to access the application through a user whose credentials were not known, without any attempt by the...
CVE-2021-25368
Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed...
CVE-2021-25347
Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed...
CVE-2021-38571
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502...
CVE-2020-24162
The Shenzhen Tencent app 5.8.2.5300 for PC platforms from Tencent App Center has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code...
CVE-2019-5245
HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing that could execute arbitrary code...
CVE-2012-4581
McAfee Email and Web Security EWS 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway MEG 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by...
CVE-2012-4486
Cross-site request forgery CSRF vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors...
CVE-2023-31358
A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...
CVE-2024-36339
A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...
Hostel Management System change-password.php File Session Hijacking Vulnerability
Hostel Management System is a hostel management system. Hostel Management System has a session hijacking vulnerability that stems from improper handling of session data in the file /hostel/change-password.php, no details of the vulnerability are available at this time...
CVE-2025-2630
There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI...
CVE-2025-2630
There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI...
CVE-2025-27794
Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain e.g., subdomain.host.com sets cookies scoped to the parent domain .host.com. This allows session token replacement f...
Autodesk: Twitter broken link hijacking in thewild.com
A broken link hijacking vulnerability was discovered on thewild.com. The issue was reported and subsequently fixed by Autodesk...
CVE-2025-27794
Summary: CVE-2025-27794 affects Flarum versions prior to 1.8.10, where an attacker-controlled authoritative subdomain can set cookies for the parent domain, potentially enabling session hijacking on sibling subdomains. What is affected: Flarum core (pre-1.8.10) with cookies scoped to a parent dom...
CVE-2025-20206 Cisco Secure Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability
A vulnerability in the interprocess communication IPC channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client. This...
CVE-2025-22960
A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files /logs/debug/xteLog, potentially revealing sensitive session-related information such as session IDs sessid and...