4 matches found
CVE-2017-9280
Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer URLs or similar...
CVE-2017-9280
CVE-2017-9280 affects NetIQ Identity Manager Applications prior to 4.5.6.1. The vulnerability arises from session tokens being included in GET URLs, which can expose user sessions to untrusted third parties via proxies, referer URLs, or similar channels. The issue is documented across multiple so...
CVE-2006-3328
newticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal and replay authentication credentials via an IMG tag in the desc parameter ("Ticket Description" field) that points to a URL that captures referer URLs, possibly due to a cross-site scripting (XSS) vulnerability or a leak of...
CVE-2006-3328
CVE-2006-3328 affects Hostflow 2.2.1-15. The issue is triggered by an IMG tag in the desc parameter (Ticket Description) that can capture referer URLs, enabling retrieval or replay of authentication credentials via potential XSS or credential leakage in referer headers. NVD lists a base score of ...