22 matches found
CVE-2026-45180
Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' session ids may be leaked. This may allow an attacker to use session ids a...
EUVD-2022-24716
Malicious code in bioql PyPI...
CVE-2022-1400
CVE-2022-1400 affects Device42 CMDB versions prior to 18.01.00 and is due to a hard-coded cryptographic key in Exago WebReportsApi.dll (WebReports API). This design flaw can allow an attacker to leak session IDs and elevate privileges within the appliance. The vulnerability is documented in NVD w...
UBUNTU-CVE-2017-12870
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...
Open-Xchange: Incomplete HTML sanitization + Session id leaking + private information disclosure
Hello, I have found a chain of events that lead to session id leaking, witch can be then used to gather private data about other added inboxes to account / login id and some other infos. Unfortunatelly for me I wasn't able to make a hostile account takeover because of you session id + cookie...
Ubuntu Update for php5 vulnerabilities USN-549-1
Ubuntu Update for Linux kernel vulnerabilities USN-549-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5491.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for php5 vulnerabilities USN-549-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
RedHat Update for php RHSA-2008:0546-01
Check for the Version of php OpenVAS Vulnerability Test RedHat Update for php RHSA-2008:0546-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
CentOS Update for php CESA-2008:0546-01 centos2 i386
Check for the Version of php OpenVAS Vulnerability Test CentOS Update for php CESA-2008:0546-01 centos2 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
CentOS Update for php CESA-2008:0544 centos3 x86_64
Check for the Version of php OpenVAS Vulnerability Test CentOS Update for php CESA-2008:0544 centos3 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
CentOS Update for php CESA-2008:0544 centos3 x86_64
Check for the Version of php OpenVAS Vulnerability Test CentOS Update for php CESA-2008:0544 centos3 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
php session ID leakage
The outputaddrewritevar function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a loca...
Moderate: Red Hat Security Advisory: php security update
Updated PHP packages that fix several security issues are now available for Red Hat Application Stack v1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. ...
php security update
CentOS Errata and Security Advisory CESA-2008:0545 Updated php packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripti...
php security update
CentOS Errata and Security Advisory CESA-2008:0544 Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...
php session ID leakage
The outputaddrewritevar function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a loca...
Moderate: Red Hat Security Advisory: php security update
Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. ...
php session ID leakage
The outputaddrewritevar function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a loca...
Moderate: Red Hat Security Advisory: php security update
Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...
RHEL 4 : php (RHSA-2008:0545)
Updated php packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...
php session ID leakage
The outputaddrewritevar function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a loca...