CVE-2003-0945
CVE-2003-0945 affects SAP DB Web-tools Web Database Manager prior to 7.4.03.30. The vulnerability stems from generating predictable session IDs in the Web Database Manager, with IDs placed in the URL, enabling remote attackers to perform unauthorized activities. The issue is addressed by SAP with...
CVE-2003-0945
The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities...
CVE-2001-0962
The CVE-2001-0962 entry concerns IBM WebSphere Application Server versions 3.02 through 3.53, where session IDs used in cookies are predictable. This predictability enables remote attackers to brute-force session IDs and gain privileges of WebSphere users. The documented impact is privilege escal...
CVE-2002-0121
The CVE-2002-0121 entry affects PHP 4.0 through 4.1.1, where session IDs are stored in temporary files whose names contain the session ID, enabling local users to hijack web connections. The provided documents describe the vulnerable mechanism and impact (local hijack) but do not include remediat...
CVE-2001-0962
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing...
CVE-2001-1284
Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users...
CVE-2001-0922
ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in...
CVE-2001-1513
Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' slash, as demonstrated using ctx...
CVE-1999-0699
The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs...