Lucene search
K

168 matches found

OSV
OSV
added 2020/01/15 5:15 p.m.4 views

CVE-2019-9510

A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic...

7.8CVSS7.4AI score0.01272EPSS
Exploits0References4
CNVD
CNVD
added 2019/11/12 12:0 a.m.2 views

Magento Insecure Authentication and Session Management Vulnerability

Magento is an open source PHP e-commerce system from the U.S. company Magento. An insecure authentication and session management vulnerability exists in Magento. An attacker can exploit this vulnerability to gain access to the customer account index page via the guest session ID value after a...

7.5CVSS7.3AI score0.01949EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2019/10/06 8:47 p.m.29 views

CVE-2017-12159

It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks...

7.5CVSS1.9AI score0.02405EPSS
Exploits0References1
OSV
OSV
added 2019/06/06 7:29 p.m.4 views

CVE-2019-3790

The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was...

5.4CVSS5.8AI score0.00663EPSS
Exploits0References2
NVD
NVD
added 2019/04/09 10:29 p.m.30 views

CVE-2019-1573

GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN...

2.5CVSS4AI score0.00275EPSS
Exploits0References5
CNVD
CNVD
added 2018/10/24 12:0 a.m.6 views

BigProf AppGini Information Disclosure Vulnerability

BigProf AppGini is a suite of platforms for creating responsive data management applications from BigProf Software, Egypt. A security vulnerability exists in BigProf AppGini version 5.70 that stems from the program's use of MD5 hashing to store passwords in the database. An attacker could exploit...

6.1CVSS5.7AI score0.01363EPSS
Exploits0References1
CNVD
CNVD
added 2018/09/12 12:0 a.m.6 views

Microsoft Internet Explorer Security Bypass Vulnerability (CNVD-2018-24940)

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Internet Explorer IE is a Web browser that comes with the Windows operating system. A security feature bypass vulnerability exists in Microsoft IE version 11. A remote attacker with a...

6.1CVSS7.4AI score0.03266EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/09/12 12:0 a.m.236 views

Microsoft Internet Explorer Multiple Vulnerabilities (KB4457426)

This host is missing a critical security update according to Microsoft security updates KB4457426. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.6CVSS6.3AI score0.13231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2018/05/09 12:0 a.m.8 views

PT-2018-5673 · Mysql Server · Mysql Multi-Master Replication Manager

Name of the Vulnerable Software and Affected Versions: MySQL Multi-Master Replication Manager MMM mmm agentd version 2.2.1 Description: A specially crafted MMM protocol message can cause a shell command injection in the clear ip function, resulting in arbitrary command execution with the privileg...

10CVSS9.8AI score0.06084EPSS
Exploits2References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/09 5:27 a.m.6 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. SQL injection in the application "Address" CWE-89 - CVE-2018-0530 Operation restriction bypass in the "Folder settings" CWE-264 - CVE-2018-0531 Operation restriction bypass in the setting of Login...

8.8CVSS7.2AI score0.01422EPSS
Exploits0References21
RubySec
RubySec
added 2018/02/21 12:0 a.m.39 views

Doorkeeper gem has stored XSS on authorization consent view

Stored XSS on the OAuth Client's name will cause users being prompted for consent via the "implicit" grant type to execute the XSS payload. The XSS attack could gain access to the user's active session, resulting in account compromise. Any user is susceptible if they click the authorization link...

6.1CVSS2.7AI score0.01479EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2017/07/31 3:29 a.m.22 views

Hardcoded credentials

The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST and DPC3941T firmware version DPC39412.5s3PRODsey devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then entering unspecified hardcoded...

5.8CVSS7.5AI score0.01273EPSS
Exploits1References1Affected Software2
CNVD
CNVD
added 2017/04/28 12:0 a.m.5 views

IBM Maximo Asset Management Session Hijacking Vulnerability

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A security...

5.6CVSS7AI score0.00777EPSS
Exploits0References1
NVD
NVD
added 2017/04/20 5:59 p.m.21 views

CVE-2016-6337

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights...

7.5CVSS7.5AI score0.01231EPSS
Exploits0References2
Prion
Prion
added 2017/04/20 5:59 p.m.14 views

Session fixation

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights...

5CVSS7.1AI score0.01231EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2017/04/20 5:0 p.m.27 views

CVE-2016-6337

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights...

7.5CVSS7.5AI score0.01231EPSS
Exploits0
CVE
CVE
added 2017/04/20 5:0 p.m.58 views

CVE-2016-6337

MediaWiki 1.27.x prior to 1.27.1 is vulnerable to a remote access bypass: a attacker could exploit a path via UserGetRights after Session::getAllowedUserRights to bypass session restrictions. The issue affects the specified MediaWiki 1.27.x range and enables partial authentication to bypass acces...

7.5CVSS7.4AI score0.01231EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/04/20 5:0 p.m.18 views

CVE-2016-6337

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights...

7.5AI score0.01231EPSS
Exploits0References2
CNVD
CNVD
added 2017/03/31 12:0 a.m.4 views

Revive Adserver Session Fixation Vulnerability

Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A security vulnerability exists in Revive Adserver versions prior to 3.2.3. An attacker can exploit the...

9.8CVSS9.2AI score0.02656EPSS
Exploits0References1
CNVD
CNVD
added 2015/09/18 12:0 a.m.4 views

Ubuntu Session Hijacking Vulnerability

Ubuntu is a Linux operating system with a focus on desktop applications. Ubuntu suffers from a session hijacking vulnerability that can be exploited by a local attacker to gain access to a session...

2.1CVSS6.8AI score0.00365EPSS
Exploits0References1
Rows per page
Query Builder