809 matches found
CVE-2009-4143
CVE-2009-4143 affects PHP ≤ 5.2.11 (listed as 5.2.12 exclusion) where session data handling is improper, specifically interrupt corruption of the $_SESSION array and mismanagement of session.save_path. This is referenced in multiple advisories and included in HP/HPE SMH and Debian/OpenVAS records...
CVE-2009-4143
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to 1 interrupt corruption of the SESSION superglobal array and 2 the session.savepath directive...
PHP会话数据还原序列化存在任意代码执行漏洞
No description provided by source...
SA-CONTRIB-2009-074- Webform - Multiple vulnerabilities
Cross-site scripting The Webform module enables the creation of custom forms for collecting data from users. The Webform module does not properly escape field labels in certain situations. A malicious user with permission to create webforms could attempt a cross-site scripting XSS attack when...
Design/Logic Flaw
cookiecheck.php in CookieCheck 1.0 stores tmp/ccsessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path."...
CVE-2008-6599
cookiecheck.php in CookieCheck 1.0 stores tmp/ccsessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path."...
CVE-2008-6599
CookieCheck 1.0 (cookiecheck.php) stores tmp/cc_sessions under the web root with insufficient access control, enabling an attacker to fetch session data via a direct request to the default session save path. Affected component: CookieCheck 1.0; vulnerability arises from insecure session data stor...
CVE-2008-6599
cookiecheck.php in CookieCheck 1.0 stores tmp/ccsessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path."...
DEBIAN-CVE-2009-1214
GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information...
Ubuntu: Security Advisory (USN-576-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RedHat Update for thunderbird RHSA-2008:0105-01
Check for the Version of thunderbird OpenVAS Vulnerability Test RedHat Update for thunderbird RHSA-2008:0105-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
CentOS Update for firefox CESA-2008:0103 centos3 i386
Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2008:0103 centos3 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CentOS Update for firefox CESA-2008:0103 centos3 x86_64
Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2008:0103 centos3 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CentOS Update for firefox CESA-2008:0103 centos4 x86_64
Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2008:0103 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CentOS Update for firefox CESA-2008:0103 centos4 x86_64
Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2008:0103 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Firefox XSS vulnerabilities in SessionStore
Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting XSS attacks via unknown...
CVE-2008-5810
WBPublish aka WBPublish.exe in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to 1...
Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting
Pages displayed inside an iframe will inherit the character encodingof the parent page, unless they specify their own character encoding.A malicious page that uses the UTF-7 character encoding can includeother sites, for example inside iframes. This can be exploited toperform cross-site scripting...
Microsoft Security Bulletin MS08-039 – Important Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
Microsoft Security Bulletin MS08-039 – Important Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege 953747 Published: July 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in...
Cosminexus Component Container Session Handling Vulnerability
Overview The session failover function in Cosminexus Component Container may fail to handle session information properly and allow one user's session data to be used as aonther user's session data. Impact A remote attacker could gain unauthorized access to other users' session and obtain sensitiv...