
431 matches found

CVE
added 2003/11/21 5:0 a.m. | 46 views

CVE-2003-0945

CVE-2003-0945 affects SAP DB Web-tools Web Database Manager prior to 7.4.03.30. The vulnerability stems from generating predictable session IDs in the Web Database Manager, with IDs placed in the URL, enabling remote attackers to perform unauthorized activities. The issue is addressed by SAP with...

CVSS 7.5 | AI score 6.7 | EPSS 0.01457
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2003/11/21 5:0 a.m. | 22 views

CVE-2003-0945

The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities...

AI score 6.7 | EPSS 0.01457
Exploits: 1 | References: 2
CVE
added 2002/06/25 4:0 a.m. | 75 views

CVE-2001-0962

The CVE-2001-0962 entry concerns IBM WebSphere Application Server versions 3.02 through 3.53, where session IDs used in cookies are predictable. This predictability enables remote attackers to brute-force session IDs and gain privileges of WebSphere users. The documented impact is privilege escal...

CVSS 7.5 | AI score 7.2 | EPSS 0.01588
Exploits: 0 | References: 4 | Affected Software: 2
CVE
added 2002/06/25 4:0 a.m. | 50 views

CVE-2002-0121

The CVE-2002-0121 entry affects PHP 4.0 through 4.1.1, where session IDs are stored in temporary files whose names contain the session ID, enabling local users to hijack web connections. The provided documents describe the vulnerable mechanism and impact (local hijack) but do not include remediat...

CVSS 2.1 | AI score 6.8 | EPSS 0.01183
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2002/06/25 4:0 a.m. | 22 views

CVE-2001-0962

IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing...

AI score 6.8 | EPSS 0.01588
Exploits: 0 | References: 4
Cvelist
added 2002/05/03 4:0 a.m. | 20 views

CVE-2001-1284

Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users...

AI score 6.8 | EPSS 0.02238
Exploits: 0 | References: 3
Cvelist
added 2002/02/02 5:0 a.m. | 21 views

CVE-2001-0922

ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in...

AI score 6.7 | EPSS 0.01571
Exploits: 0 | References: 3
NVD
added 2001/12/31 5:0 a.m. | 16 views

CVE-2001-1513

Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' slash, as demonstrated using ctx...

CVSS 7.5 | AI score 6.6 | EPSS 0.01532
Exploits: 0 | References: 3
NVD
added 2001/09/19 4:0 a.m. | 15 views

CVE-2001-0962

IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing...

CVSS 7.5 | AI score 6.8 | EPSS 0.01588
Exploits: 0 | References: 4
NVD
added 2000/04/11 4:0 a.m. | 13 views

CVE-1999-0699

The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs...

CVSS 7.5 | AI score 6.6 | EPSS 0.01144
Exploits: 0 | References: 1
Cvelist
added 2000/01/04 5:0 a.m. | 20 views

CVE-1999-0699

The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs...

AI score 6.6 | EPSS 0.01144
Exploits: 0 | References: 1