170 matches found
CVE-2022-36179
Fusiondirectory 1.3 suffers from Improper Session Handling...
CVE-2022-36179
Fusiondirectory 1.3 suffers from Improper Session Handling...
Improper Session Management
rdiffweb is vulnerable to Improper Session Management. The vulnerability exists because the library does not invalidate all the session tokens for a user on a password change, resulting in users logged in with the old password to continue being logged in...
CVE-2022-40843
Affected product: Tenda AC1200 V-W15Ev2 (W15Ev2, firmware version V15.11.0.10(1576)). Vulnerability: Improper authorization/improper session management allows bypassing the router login page. This can lead to reading the router’s syslog.log file which contains the MD5 password of the Administrato...
Session fixation
This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 inclusive, due to improper session management in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this...
CVE-2022-40630 Improper Session Management Vulnerability in Tacitine Firewall
This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 inclusive, due to improper session management in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this...
Denial Of Service (DoS)
wolfSSL is vulnerable to denial of service. The vulnerability exists when client connects to a wolfSSL server and SSLclear due to improper session handling which allows an attacker to cause an application crash...
Inductive Automation Ignition 安全漏洞
Inductive Automation Ignition is a suite of integrated software platforms for SCADA systems from Inductive Automation, USA. The platform supports SCADA data acquisition and monitoring systems, HMI human machine interface and more. A security vulnerability exists in Inductive Automation Ignition...
The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to improper session management, allows a perpetrator to compromise data integrity.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to improper session management. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...
CVE-2022-22283
Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App...
CVE-2022-22283
Samsung Health suffers from an improper session management vulnerability that prevents logging out. Multiple connected sources indicate affected versions are prior to 6.20.1.005. The issue stems from session handling that could allow access to sensitive data after account status changes or device...
CVE-2021-25966
In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even aft...
Session fixation
In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even aft...
CVE-2021-25966
CVE-2021-25966 affects Orchard Core CMS: versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change, allowing a user who was already logged in to retain access even after the password is changed. The connected sources provide explicit details on aff...
CVE-2021-25966 Orchard Core CMS - Improper Session Termination after Password Change
In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even aft...
SANS Experts: 4 Emerging Enterprise Attack Techniques
In a recent report, a panel of SANS Institute experts broke down key takeaways and emerging attack techniques from this year’s RSA Security Conference. The long and short of it? This next wave of malicious methodologies isn’t on the horizon — it’s here. When it comes to supply-chain and ransomwar...
CVE-2021-22497 Advanced Authentication Improper Session Management
Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue...
CVE-2021-22497
CVE-2021-22497 affects Advanced Authentication versions prior to 6.3 SP4 . The underlying issue is an improper session management that can lead to a potential broken authentication . According to the provided metrics, the CVSS v3.1 base score is 7.2 (HIGH) with a network attack vector and low att...
CVE-2021-21308 Improper session management for soft logout
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2...
CVE-2019-14480
AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges...