Red Hat Keycloak authorization issue vulnerability
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. An authorization issue vulnerability exists in Red Hat Keycloak that stems from a session fixation issue discovered in the SAML adapter. Even i...
CVE-2024-43299
| creationtimestamp | type | source |
|---|---|---|
| 2024-08-26 23:51:01+00:00 | seen | https://t.me/cvedetector/4213... |
SUSE CVE-2023-4727
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege...
CVE-2024-24552
A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their choosing...
DEBIAN-CVE-2023-4727
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege...
OpenSSL 0.9.8 < 0.9.8q Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.8q. It is, therefore, affected by a vulnerability as referenced in the 0.9.8q advisory. - OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification o...
Fortinet FortiWeb - Weak generation of WAF session IDs leads to session fixation (FG-IR-21-214)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-214 advisory. - A condition for session fixation vulnerability CWE-384 in the session management of FortiWeb versions 6.4 all versions, 6.3....
PT-2024-40226 · Unknown · Scheb/Two-Factor-Bundle
Name of the Vulnerable Software and Affected Versions: scheb/two-factor-bundle versions prior to 3.26.0 scheb/two-factor-bundle versions prior to 4.11.0 Description: A security issue allowed attackers to bypass two-factor authentication 2FA using the remember me cookie. When the remember me...
Kimai information disclosure vulnerability
kimai is a web-based multi-user time tracking application from the individual developer of kimai. An information disclosure vulnerability exists in Kimai version 2.15.0 and prior versions, which stems from an incorrect manipulation of the PHPSESSIONID parameter that can lead to information...
PT-2024-25703 · Ipmi · Ipmi
Name of the Vulnerable Software and Affected Versions: IPMI affected versions not specified Description: The issue concerns implementations of IPMI Authenticated sessions that do not provide enough randomness, making them susceptible to session hijacking. An attacker can exploit this by using...
GHSA-C9H6-V78W-52WJ Keycloak vulnerable to session hijacking via re-authentication
A flaw was found in Keycloak. An active keycloak session can be hijacked by initiating a new authentication having the query parameter prompt=login and forcing the user to enter his credentials once again. If the user cancels this re-authentication by clicking Restart login, the account takeover...
PT-2024-21355 · Unknown · Recrystallize Server
Name of the Vulnerable Software and Affected Versions: ReCrystallize Server version 5.10.0.0 Description: The issue concerns an authorization mechanism that relies on the value of a cookie but does not bind this value to a session ID. This allows attackers to easily modify the cookie value within...
PT-2024-19194 · Elspec · Elspec G5 Digital Fault Recorder
Name of the Vulnerable Software and Affected Versions: Elspec G5 digital fault recorder versions 1.1.4.15 and before Description: An issue was discovered in the Elspec G5 digital fault recorder. A hardcoded backdoor session ID exists that can be used for further access to the device, including...
CVE-2023-36483
Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history...
CVE-2019-19580
| creationtimestamp | type | source |
|---|---|---|
| 2024-03-10 14:11:53+00:00 | seen | https://t.me/ctinow/204258... |
CVE-2016-3131
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-28 10:41:10+00:00 | seen | https://t.me/ctinow/195305... |
The vulnerability lies in the implementation of the TLS protocol in the cURL command-line utility. This allows a hacker to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability in the TLS implementation of the cURL command-line utility stems from erroneous preservation of the session identifier, caused by a lack of certificate revocation checking. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions and gain unauthorized...
Authentication flaw
An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or...
CVE-2023-50920
GL.iNet devices prior to version 4.5.0 are affected by CVE-2023-50920, where the device assigns the same session ID after each reboot, enabling session ID reuse across sessions and bypassing authentication/access controls. Affected models include A1300 (4.4.6), AX1800 (4.4.6), AXT1800 (4.4.6), MT...
qBit MatUI Security Vulnerability
qBit MatUI is a material WebUI for qBittorrent by the individual developer Bilal Ahmed. A security vulnerability exists in qBit MatUI version 1.16.4, which stems from the presence of a cross-site scripting XSS vulnerability that allows remote attackers to obtain sensitive information via a fixed...