168 matches found
CVE-2019-9510
A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic...
Magento Insecure Authentication and Session Management Vulnerability
Magento is an open source PHP e-commerce system from the U.S. company Magento. An insecure authentication and session management vulnerability exists in Magento. An attacker can exploit this vulnerability to gain access to the customer account index page via the guest session ID value after a...
CVE-2017-12159
It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks...
CVE-2019-3790
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was...
CVE-2019-1573
GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN...
BigProf AppGini Information Disclosure Vulnerability
BigProf AppGini is a suite of platforms for creating responsive data management applications from BigProf Software, Egypt. A security vulnerability exists in BigProf AppGini version 5.70 that stems from the program's use of MD5 hashing to store passwords in the database. An attacker could exploit...
Microsoft Internet Explorer Security Bypass Vulnerability (CNVD-2018-24940)
Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Internet Explorer IE is a Web browser that comes with the Windows operating system. A security feature bypass vulnerability exists in Microsoft IE version 11. A remote attacker with a...
Microsoft Internet Explorer Multiple Vulnerabilities (KB4457426)
This host is missing a critical security update according to Microsoft security updates KB4457426. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
PT-2018-5673 · Mysql Server · Mysql Multi-Master Replication Manager
Name of the Vulnerable Software and Affected Versions: MySQL Multi-Master Replication Manager MMM mmm agentd version 2.2.1 Description: A specially crafted MMM protocol message can cause a shell command injection in the clear ip function, resulting in arbitrary command execution with the privileg...
Multiple vulnerabilities in Cybozu Garoon
Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. SQL injection in the application "Address" CWE-89 - CVE-2018-0530 Operation restriction bypass in the "Folder settings" CWE-264 - CVE-2018-0531 Operation restriction bypass in the setting of Login...
Doorkeeper gem has stored XSS on authorization consent view
Stored XSS on the OAuth Client's name will cause users being prompted for consent via the "implicit" grant type to execute the XSS payload. The XSS attack could gain access to the user's active session, resulting in account compromise. Any user is susceptible if they click the authorization link...
Hardcoded credentials
The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST and DPC3941T firmware version DPC39412.5s3PRODsey devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then entering unspecified hardcoded...
IBM Maximo Asset Management Session Hijacking Vulnerability
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A security...
CVE-2016-6337
MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights...
Session fixation
MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights...
CVE-2016-6337
MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights...
CVE-2016-6337
MediaWiki 1.27.x prior to 1.27.1 is vulnerable to a remote access bypass: a attacker could exploit a path via UserGetRights after Session::getAllowedUserRights to bypass session restrictions. The issue affects the specified MediaWiki 1.27.x range and enables partial authentication to bypass acces...
CVE-2016-6337
MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights...
Revive Adserver Session Fixation Vulnerability
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A security vulnerability exists in Revive Adserver versions prior to 3.2.3. An attacker can exploit the...
Ubuntu Session Hijacking Vulnerability
Ubuntu is a Linux operating system with a focus on desktop applications. Ubuntu suffers from a session hijacking vulnerability that can be exploited by a local attacker to gain access to a session...