192 matches found
PT-2024-8964 · Brocade · Brocade Fabric Os
Name of the Vulnerable Software and Affected Versions: Brocade Fabric OS versions prior to 9.2.2 Description: The issue is related to weaknesses in the authentication procedure of Brocade Fabric OS, allowing a remote attacker to hijack a service session. This could be achieved through...
The vulnerability of the SAML implementation for VPN remote access services in microprogramming network devices such as Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) allows a perpetrator to establish a VPN session on a vulnerable device.
The vulnerability of the SAML implementation for VPN remote access services in microprogramming network devices such as Cisco Adaptive Security Appliance ASA and Cisco Firepower Threat Defense FTD is related to the absence of authentication procedures. Exploiting this vulnerability allows a...
CVE-2024-3794
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/AdvancedSystem, description field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...
CVE-2024-3792
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/DeviceReplication, execution range field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session dat...
Delinea PAM Secret Server Security Bypass Vulnerability
Delinea PAM Secret Server is a key service manager from Delinea. A security bypass vulnerability exists in Delinea PAM Secret Server version 11.4, which can be exploited by an attacker to gain unauthorized access to a created remote session...
Delinea PAM Secret Server 安全漏洞
Delinea PAM Secret Server is a key service manager from Delinea. A security bypass vulnerability exists in Delinea PAM Secret Server version 11.4, which can be exploited by an attacker to gain unauthorized access to a created remote session...
PT-2024-1361 · Totolink · Totolink N200Re
Name of the Vulnerable Software and Affected Versions: Totolink N200RE V5 version 9.3.5u.6255 B20211224 Description: The issue is related to the /cgi-bin/cstecgi.cgi file in the Totolink N200RE router's firmware, specifically concerning incorrect session expiration. This can allow a remote attack...
CVE-2024-0350
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The...
PT-2023-32763 · Thecosy · Icecms
Name of the Vulnerable Software and Affected Versions: Thecosy IceCMS versions up to 2.0.1 Description: A critical vulnerability was found in Thecosy IceCMS, allowing remote attackers to manage user sessions. The manipulation affects unknown code and can be initiated remotely. The exploit has bee...
SUSE CVE-2023-46446
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...
UBUNTU-CVE-2023-46446
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...
AsyncSSH Security Vulnerability
AsyncSSH is a Python package that provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. A security vulnerability exists in AsyncSSH v2.14.0 and earlier versions, which stems from a vulnerability that allows an attacker to take...
GHSA-C35Q-FFPF-5QPM AsyncSSH Rogue Session Attack
Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation. Details The rogue session attack targets any SSH client connecting to an AsyncSSH server, on which the attacker must have a shell...
The vulnerability of the libspdm library, related to the absence of an authentication procedure that allows attackers to intercept user sessions
The vulnerability of the libspdm library is related to the absence of an authentication process. Exploiting this vulnerability allows a malicious actor to intercept a user’s session remotely...
HPE MSA Storage Session Reuse (HPESBST03940)
The version of HPE MSA Storage installed on the remote host is prior to GL225P002-02, VE270P002-02, or VL270P002-02. It is, therefore, affected by a vulnerability as referenced in the HPESBST03940 advisory. - A remote session reuse vulnerability leading to access restriction bypass was discovered...
Monitor Stays Black After Terminating a Remote session on Remote PC.
Black screen on Remote PC after disconnecting. Session appears to be hung or unresponsive...
SUSE CVE-2009-2964
Multiple cross-site request forgery CSRF vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to 1 functions/mailboxdisplay.php, 2...
SUSE CVE-2014-2060
The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...
SUSE CVE-2014-2066
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies...
SUSE CVE-2015-5338
Multiple cross-site request forgery CSRF vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to 1 mod/lesson/mediafile.php or 2...