37 matches found

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2001-0905

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01571
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2016-9945

Malware in sbrugna...

CVSS 5.4 | AI score 6 | EPSS 0.01604
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2003-0719

Malware in sbrugna...

CVSS 6.4 | AI score 6.4 | EPSS 0.00988
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-5659

Malware in sbrugna...

CVSS 7.5 | AI score 7.8 | EPSS 0.01917
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 8 views

EUVD-2021-26255

Malware in sbrugna...

CVSS 4.2 | AI score 4.4 | EPSS 0.00249
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-5270

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 5.5 | EPSS 0.00728
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m., 14 views

EUVD-2024-45179

Malicious code in bioql PyPI...

CVSS 9.3 | AI score 4.6 | EPSS 0.19774
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-2825

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.8 | EPSS 0.00678
Exploits: 1 | References: 5

RedhatCVE
added 2025/05/23 8:32 a.m., 17 views

CVE-2024-50339

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the sessions IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue...

CVSS 9.3 | AI score 6.9 | EPSS 0.19774
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 3:40 p.m., 12 views

CVE-2020-5892

In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory...

CVSS 6.7 | AI score 6.7 | EPSS 0.00306
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:12 a.m., 7 views

CVE-2019-13376

phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...

CVSS 6.5 | AI score 6.6 | EPSS 0.00678
Exploits: 1 | References: 1

Tenable Nessus
added 2025/01/30 12:0 a.m., 3 views

Wiesemann & Theis ComServer Series Authentication Bypass by Spoofing (CVE-2022-4098)

Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by...

CVSS 8 | AI score 7.7 | EPSS 0.00337
Exploits: 0 | References: 2

NVD
added 2024/12/12 2:6 a.m., 33 views

CVE-2024-50339

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the sessions IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue...

CVSS 9.3 | EPSS 0.19774
Exploits: 0 | References: 2

OSV
added 2024/12/11 5:48 p.m., 18 views

CVE-2024-50339 GLPI vulnerable to unauthenticated session hijacking

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the sessions IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue...

CVSS 9.3 | AI score 4.7 | EPSS 0.19774
Exploits: 0 | References: 4

Vulnrichment
added 2022/12/13 7:26 a.m., 5 views

CVE-2022-4098 Wiesemann & Theis: Multiple products prone to missing authentication through spoofing

Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by...

CVSS 8 | AI score 8.1 | EPSS 0.00337
Exploits: 0 | References: 1

OSV
added 2022/05/17 12:23 a.m., 9 views

GHSA-V3H2-4J2R-WQJ8 Ignite Realtime Openfire Server has Cross-site Scripting vulnerability in admin console

The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...

CVSS 4.8 | AI score 5.6 | EPSS 0.00728
Exploits: 0 | References: 3

CNVD
added 2020/03/17 12:0 a.m., 4 views

Nagios Log Server Incorrect Access Control Vulnerability

Nagios Log Server is a powerful enterprise-grade log monitoring and management application that allows organizations to quickly and easily view, sort, and configure logs from any source on any given network. An incorrect access control vulnerability exists in Nagios Log Server 2.1.3. An attacker...

CVSS 6.5 | AI score 6.8 | EPSS 0.03902
Exploits: 0 | References: 1

OSV
added 2017/10/26 5:29 p.m., 15 views

CVE-2017-15911

The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...

CVSS 4.8 | AI score 7.6 | EPSS 0.00728
Exploits: 0 | References: 2

NVD
added 2017/10/26 5:29 p.m., 21 views

CVE-2017-15911

The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...

CVSS 4.8 | AI score 5.7 | EPSS 0.00728
Exploits: 0 | References: 2

CVE
added 2017/10/26 5:0 p.m., 59 views

CVE-2017-15911

The CVE-2017-15911 entry concerns Ignite Realtime Openfire Server prior to 4.1.7, where the Admin Console is vulnerable to cross-site scripting (XSS) via a crafted setup/setup-host-settings.jsp?domain= link. This allows arbitrary client-side JavaScript execution on victims after login, with poten...

CVSS 4.8 | AI score 5.6 | EPSS 0.00728
Exploits: 0 | References: 2 | Affected Software: 1