133 matches found
Lexmark 安全漏洞
Lexmark is a line of printers from Lexmark, USA. A security vulnerability exists in versions of Lexmark prior to 2020-05-25, which stems from vulnerability to cross-site scripting attacks that could allow an attacker to obtain sensitive information such as session credentials...
CVE-2020-13481
Certain Lexmark products through 2020-05-25 allow XSS which allows an attacker to obtain session credentials and other sensitive information...
CVE-2020-13481
Lexmark printers with embedded web servers are affected by CVE-2020-13481, a stored cross-site scripting (XSS) vulnerability. Multiple connected sources describe that the vulnerability enables an attacker to access session credentials and other information via the browser, originating from the de...
ChurchCRM 安全漏洞
ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. A security vulnerability exists in ChurchCRM version 5.13.0 that stems from vulnerability to a reflective cross-site scripting attack that allows session credentials to be stolen...
CVE-2020-13481
Certain Lexmark products through 2020-05-25 allow XSS which allows an attacker to obtain session credentials and other sensitive information...
Cisco Small Business Series Switches Session Credentials Replay (CVE-2021-34739)
A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This...
CVE-2024-0947
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...
CVE-2024-7421
An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions...
CVE-2024-7421
An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions...
CVE-2024-7421
The vulnerability CVE-2024-7421 affects Devolutions Remote Desktop Manager (versions up to 2024.2.20.0) on Windows. The issue is an information exposure where credentials used for WinSCP sessions can be retrieved by local attackers who can access system logs, via passwords found in command-line a...
PT-2024-6667 · Devolutions · Devolutions Remote Desktop Manager
Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2024.2.20.0 and earlier Description: The issue is related to an information exposure that allows local attackers with access to system logs to obtain session credentials. This occurs via passwords...
Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware
Google has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption to prevent information-stealing malware from grabbing cookies on Windows systems. "On Windows, Chrome uses the Data Protection API DPAPI which protects the data at rest...
CVE-2024-0947
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...
Elektraweb Security Vulnerabilities
Elektraweb is a cloud-hosted web-based hotel program from Elektraweb, Turkey. A security vulnerability exists in Elektraweb versions prior to v17.0.68, which stems from reliance on unvalidated and integrity-checked cookies, which allows an attacker to manipulate, access/intercept/modify HTTP...
CVE-2024-4680 Insufficient Session Expiration in zenml-io/zenml
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...
CVE-2024-4993
Vulnerability in SiAdmin 1.1 that allows XSS via the /show.php query parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and thereby steal their cookie session credentials...
CVE-2024-4993 SQL injection vulnerability in SiAdmin
Vulnerability in SiAdmin 1.1 that allows XSS via the /show.php query parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and thereby steal their cookie session credentials...
CVE-2024-4993
Summary: CVE-2024-4993 describes an XSS vulnerability in SiAdmin 1.1 triggered by the /show.php query parameter, which could allow a remote attacker to craft a URL that, when opened by an authenticated user, may lead to cookie session credential leakage. What’s affected: SiAdmin 1.1; vulnerabilit...
Google Chrome gets ‘Device Bound Session Credentials’ to stop cookie theft
Google has announced the introduction of Device Bound Session Credentials DBSC to secure Chrome users against cookie theft. In January we reported how hackers found a way to gain unauthorized access to Google accounts, bypassing multi-factor authentication MFA, by stealing authentication cookies...
Insufficient Session Expiration
getkirby/cms is vulnerable to Insufficient Session Expiration. The vulnerability exists because web sessions are not properly expired which permits an attacker to reuse old session credentials or session IDs for authorization...