
133 matches found

CNNVD
added 2025/02/19 12:0 a.m. · 2 views

Lexmark Security Vulnerability

Lexmark is a line of printers from Lexmark, USA. A security vulnerability exists in versions of Lexmark prior to 2020-05-25, which stems from vulnerability to cross-site scripting attacks that could allow an attacker to obtain sensitive information such as session credentials...

CVSS: 6.1 · AI score: 5.7 · EPSS: 0.00257
Exploits: 0 · References: 3
Cvelist
added 2025/02/19 12:0 a.m. · 7 views

CVE-2020-13481

Certain Lexmark products through 2020-05-25 allow XSS which allows an attacker to obtain session credentials and other sensitive information...

EPSS: 0.00257
Exploits: 0 · References: 2
CVE
added 2025/02/19 12:0 a.m. · 39 views

CVE-2020-13481

Lexmark printers with embedded web servers are affected by CVE-2020-13481, a stored cross-site scripting (XSS) vulnerability. Multiple connected sources describe that the vulnerability enables an attacker to access session credentials and other information via the browser, originating from the de...

CVSS: 6.1 · AI score: 5.9 · EPSS: 0.00257
Exploits: 0 · References: 2
CNNVD
added 2025/02/19 12:0 a.m. · 4 views

ChurchCRM Security Vulnerability

ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. A security vulnerability exists in ChurchCRM version 5.13.0 that stems from vulnerability to a reflected cross-site scripting attack that allows session credentials to be stolen...

CVSS: 8.4 · AI score: 5.9 · EPSS: 0.00268
Exploits: 1 · References: 1
Vulnrichment
added 2025/02/19 12:0 a.m. · 4 views

CVE-2020-13481

Certain Lexmark products through 2020-05-25 allow XSS which allows an attacker to obtain session credentials and other sensitive information...

AI score: 6.1 · EPSS: 0.00257
Exploits: 0 · References: 2
Tenable Nessus
added 2025/02/13 12:0 a.m. · 7 views

Cisco Small Business Series Switches Session Credentials Replay (CVE-2021-34739)

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This...

CVSS: 8.1 · AI score: 8.1 · EPSS: 0.01617
Exploits: 0 · References: 2
RedhatCVE
added 2025/02/04 11:1 p.m. · 3 views

CVE-2024-0947

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...

CVSS: 9.8 · AI score: 5.8 · EPSS: 0.00477
Exploits: 0 · References: 1
NVD
added 2024/09/25 4:15 p.m. · 17 views

CVE-2024-7421

An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions...

CVSS: 5.5 · EPSS: 0.00153
Exploits: 0 · References: 1
Cvelist
added 2024/09/25 3:12 p.m. · 18 views

CVE-2024-7421

An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions...

EPSS: 0.00153
Exploits: 0 · References: 1
CVE
added 2024/09/25 3:12 p.m. · 75 views

CVE-2024-7421

The vulnerability CVE-2024-7421 affects Devolutions Remote Desktop Manager (versions up to 2024.2.20.0) on Windows. The issue is an information exposure where credentials used for WinSCP sessions can be retrieved by local attackers who can access system logs, via passwords found in command-line a...

CVSS: 5.5 · AI score: 6.5 · EPSS: 0.00153
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/08/02 12:0 a.m. · 7 views

PT-2024-6667 · Devolutions · Devolutions Remote Desktop Manager

Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2024.2.20.0 and earlier Description: The issue is related to an information exposure that allows local attackers with access to system logs to obtain session credentials. This occurs via passwords...

CVSS: 5.5 · AI score: 6.6 · EPSS: 0.00153
Exploits: 0 · References: 10
The Hacker News
added 2024/08/01 9:49 a.m. · 17 views

Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware

Google has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption to prevent information-stealing malware from grabbing cookies on Windows systems. "On Windows, Chrome uses the Data Protection API (DPAPI) which protects the data at rest...

AI score: 7.8
Exploits: 0
ATTACKERKB
added 2024/06/27 10:15 a.m. · 4 views

CVE-2024-0947

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...

CVSS: 9.8 · AI score: 5.8 · EPSS: 0.00477
Exploits: 0 · References: 3
CNNVD
added 2024/06/27 12:0 a.m. · 2 views

Elektraweb Security Vulnerabilities

Elektraweb is a cloud-hosted web-based hotel program from Elektraweb, Turkey. A security vulnerability exists in Elektraweb versions prior to v17.0.68, which stems from reliance on cookies without validation and integrity checking, which allows an attacker to manipulate, access/intercept/modify HTTP...

CVSS: 9.8 · AI score: 6.8 · EPSS: 0.00477
Exploits: 0 · References: 2
Vulnrichment
added 2024/06/08 7:38 p.m. · 14 views

CVE-2024-4680 Insufficient Session Expiration in zenml-io/zenml

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...

CVSS: 3.9 · AI score: 7.2 · EPSS: 0.00405
Exploits: 1 · References: 1
NVD
added 2024/05/16 12:15 p.m. · 8 views

CVE-2024-4993

Vulnerability in SiAdmin 1.1 that allows XSS via the /show.php query parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and thereby steal their cookie session credentials...

CVSS: 6.3 · AI score: 5.9 · EPSS: 0.00302
Exploits: 0 · References: 1
Cvelist
added 2024/05/16 11:44 a.m. · 13 views

CVE-2024-4993 SQL injection vulnerability in SiAdmin

Vulnerability in SiAdmin 1.1 that allows XSS via the /show.php query parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and thereby steal their cookie session credentials...

CVSS: 6.3 · AI score: 6.1 · EPSS: 0.00302
Exploits: 0 · References: 1
CVE
added 2024/05/16 11:44 a.m. · 44 views

CVE-2024-4993

Summary: CVE-2024-4993 describes an XSS vulnerability in SiAdmin 1.1 triggered by the /show.php query parameter, which could allow a remote attacker to craft a URL that, when opened by an authenticated user, may lead to cookie session credential leakage. What’s affected: SiAdmin 1.1; vulnerabilit...

CVSS: 6.3 · AI score: 5.7 · EPSS: 0.00302
Exploits: 0 · References: 1 · Affected Software: 1
Malwarebytes
added 2024/04/03 7:44 p.m. · 16 views

Google Chrome gets ‘Device Bound Session Credentials’ to stop cookie theft

Google has announced the introduction of Device Bound Session Credentials (DBSC) to secure Chrome users against cookie theft. In January we reported how hackers found a way to gain unauthorized access to Google accounts, bypassing multi-factor authentication (MFA), by stealing authentication cookies...

AI score: 7.4
Exploits: 0
Veracode
added 2023/07/31 7:51 a.m. · 19 views

Insufficient Session Expiration

getkirby/cms is vulnerable to Insufficient Session Expiration. The vulnerability exists because web sessions are not properly expired which permits an attacker to reuse old session credentials or session IDs for authorization...

CVSS: 7.3 · AI score: 6.8 · EPSS: 0.0072
Exploits: 0 · References: 11 · Affected Software: 1