Lucene search

183 matches found

OSV
added 2009/05/14 5:30 p.m., 5 views

CVE-2009-1629

ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack...

AI score: 6.3
Exploits: 0, References: 7
Debian CVE
added 2009/05/14 5:0 p.m., 21 views

CVE-2009-1629

Removed by vendor...

CVSS: 6.8, AI score: 6.7, EPSS: 0.02325
Exploits: 1
Cvelist
added 2009/01/02 6:0 p.m., 19 views

CVE-2008-5809

futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id...

AI score: 6.2, EPSS: 0.0101
Exploits: 0, References: 4
CVE
added 2009/01/02 6:0 p.m., 35 views

CVE-2008-5809

CVE-2008-5809 affects futomi CGI Cafe’s Access Analyzer CGI: Standard v4.0.1 and earlier and Professional v4.11.3 and earlier, where a predictable session ID enables remote attackers to hijack sessions and view analysis results. Root cause: predictable session identifiers. Impact: partial dis...

CVSS: 5.8, AI score: 6.3, EPSS: 0.0101
Exploits: 0, References: 4, Affected Software: 1
Japan Vulnerability Notes
added 2008/12/17 6:30 a.m., 1 view

Predictable session ID vulnerability in Access Analyzer CGI by futomi's CGI Cafe

Overview: Access Analyzer CGI from futomi's CGI Cafe contains a predictable session ID vulnerability. Access Analyzer CGI provided by futomi's CGI Cafe is software for analyzing web access logs. Access Analyzer CGI contains a predictable session ID vulnerability. Impact: A remote attacker could...

CVSS: 5.8, AI score: 6.6, EPSS: 0.0101
Exploits: 0, References: 8
Japan Vulnerability Notes
added 2008/12/12 12:0 a.m., 41 views

JVN#07468800 Predictable session ID vulnerability in Access Analyzer CGI by futomi's CGI Cafe

Access Analyzer CGI provided by futomi's CGI Cafe is software for analyzing web access logs. Access Analyzer CGI contains a predictable session ID vulnerability. Impact: A remote attacker could impersonate an administrator of Access Analyzer CGI. As a result, a remote attacker could view access...

CVSS: 5.8, AI score: 6.3, EPSS: 0.0101
Exploits: 0
Packet Storm
added 2007/12/28 12:0 a.m., 37 views

runcms-multi.txt

Digital Security Research Group Advisory Application: RunCMS Versions Affected: RunCMS 1.6 Vendor URL: http://www.runcms.org Bugs: SQL Injections, XSS, PHP Include, Predictable session id, etc. Exploits: Available Reported: 14.12.2007 Vendor response: 15.12.2007 Date of Public Advisory: 25.12.2007...

AI score: 7.4
Exploits: 0
seebug.org
added 2007/12/26 12:0 a.m., 96 views

RunCMS 1.6 Multiple Remote Vulnerabilities

No description provided by source. Digital Security Research Group Advisory Application: RunCMS Versions Affected: RunCMS 1.6 Vendor URL: http://www.runcms.org Bugs: SQL Injections, XSS, PHP Include, Predictable session id, etc. Exploits: Available Reported: 14.12.2007 Vendor response: 15.12.2007...

AI score: 7.1
Exploits: 0
securityvulns
added 2007/12/26 12:0 a.m., 266 views

Multiple vulnerabilities in RUNCMS 1.6 by DSecRG

Digital Security Research Group Advisory Application: RunCMS Versions Affected: RunCMS 1.6 Vendor URL: http://www.runcms.org Bugs: SQL Injections, XSS, PHP Include, Predictable session id, etc. Exploits: Available Reported: 14.12.2007 Vendor response: 15.12.2007 Date of Public Advisory: 25.12.2007...

Exploits: 0
exploitpack
added 2007/12/25 12:0 a.m., 28 views

RunCMS 1.6 - Multiple Vulnerabilities

RunCMS 1.6 - Multiple Vulnerabilities Digital Security Research Group Advisory Application: RunCMS Versions Affected: RunCMS 1.6 Vendor URL: http://www.runcms.org Bugs: SQL Injections, XSS, PHP Include, Predictable session id, etc. Exploits: Available Reported: 14.12.2007 Vendor response: 15.12.200...

AI score: 0.5
Exploits: 0
0day.today
added 2007/12/25 12:0 a.m., 28 views

RunCMS 1.6 Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications. RunCMS 1.6 Multiple Remote Vulnerabilities. Digital Security Research Group Advisory Application: RunCMS Versions Affected: RunCMS 1.6 Vendor URL:...

AI score: 7.1
Exploits: 0
Exploit DB
added 2007/12/25 12:0 a.m., 49 views

RunCMS 1.6 - Multiple Vulnerabilities

Digital Security Research Group Advisory Application: RunCMS Versions Affected: RunCMS 1.6 Vendor URL: http://www.runcms.org Bugs: SQL Injections, XSS, PHP Include, Predictable session id, etc. Exploits: Available Reported: 14.12.2007 Vendor response: 15.12.2007 Date of Public Advisory: 25.12.2007...

AI score: 7.4
Exploits: 0
NVD
added 2007/02/07 11:28 a.m., 10 views

CVE-2006-6969

Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possib...

CVSS: 6.8, AI score: 7, EPSS: 0.01561
Exploits: 0, References: 8
Cvelist
added 2005/02/28 5:0 a.m., 13 views

CVE-2004-0944

The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie...

AI score: 6.7, EPSS: 0.01373
Exploits: 0, References: 3
securityvulns
added 2005/02/28 12:0 a.m., 34 views

Mitel 3300 ICP IP PBX VOIP device Web session hijack

Predictable session ID allows hijacking of the Web administration session...

AI score: 2
Exploits: 0, References: 1
NVD
added 2004/02/28 5:0 a.m., 7 views

CVE-2004-0944

The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie...

CVSS: 5, AI score: 6.7, EPSS: 0.01373
Exploits: 0, References: 3
CVE
added 2003/11/21 5:0 a.m., 45 views

CVE-2003-0945

CVE-2003-0945 affects SAP DB Web-tools Web Database Manager prior to 7.4.03.30. The vulnerability stems from generating predictable session IDs in the Web Database Manager, with IDs placed in the URL, enabling remote attackers to perform unauthorized activities. The issue is addressed by SAP with...

CVSS: 7.5, AI score: 6.7, EPSS: 0.01457
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2003/11/21 5:0 a.m., 18 views

CVE-2003-0945

The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities...

AI score: 6.7, EPSS: 0.01457
Exploits: 1, References: 2
Cvelist
added 2002/05/03 4:0 a.m., 19 views

CVE-2001-1284

Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users...

AI score: 6.8, EPSS: 0.02238
Exploits: 0, References: 3
Cvelist
added 2001/01/22 5:0 a.m., 19 views

CVE-2000-0111

The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions...

AI score: 6.7, EPSS: 0.01403
Exploits: 0, References: 1