465 matches found
CVE-2018-8618
creationtimestamp | type | source
--- | --- | ---
2023-12-10 18:51:29+00:00 | seen | https://t.me/arpsyndicate/1677...
CVE-2023-37504
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user...
CVE-2023-36638
An improper privilege management vulnerability (CWE-269) in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may...
Broadcom RAID Controller Security Vulnerability
The Broadcom RAID Controller is a series of RAID controllers from Broadcom Corporation. A security vulnerability exists in the Broadcom RAID Controller web interface: it is served over insecure HTTP and does not protect the SESSIONID cookie with the SameSite attribute...
CVE-2023-4110
A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument sessionid leads to cross site scripting. The attack can be launched...
PT-2023-8703 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux Kernel, affected versions not specified. Description: The issue is related to improper validation of the session ID and tree ID in compound requests in the Linux kernel's ksmbd module. Specifically, the smb2_get_msg function in smb2 get...
CVE-2023-22053
creationtimestamp | type | source
--- | --- | ---
2023-07-19 00:36:38+00:00 | seen | https://t.me/cibsecurity/66972
2023-11-15 16:53:23+00:00 | published-proof-of-concept | https://t.me/BABATATASASA/5992...
CVE-2023-34656
An issue was discovered with the JSESSION IDs in Xiamen Si Xin Communication Technology Video management system 3.1 through 4.1 that allows attackers to gain escalated privileges...
Xiamen Si Xin Communication Technology Video management system Security Vulnerability
Xiamen Si Xin Communication Technology Video management system is a video management system from Xiamen Si Xin Communication Technology of Xiamen, China. A security vulnerability exists in Xiamen Si Xin Communication Technology Video management system versions 3.1 through 4.1, which can be exploited...
Hikvision Access Control Products Authorization Issue Vulnerability
The Hikvision DS-K1T and DS-KH are series of access control products from Hikvision (China). A security vulnerability exists in Hikvision Access Control Products: the session ID is not updated after a user has successfully logged in, making them...
PT-2023-23982 · Splunk · Splunk Cloud Platform +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.5, 8.2.11 and 8.1.14; Splunk Cloud Platform versions prior to 9.0.2303.100. Description: An unauthorized user can access the...
CVE-2022-36249
Shop Beat Solutions Pty LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API...
passport Authorization Issue Vulnerability
passport is an Express-compatible Node.js authentication middleware from Jared Hanson, an individual developer in the United States. An authorization issue vulnerability exists in passport. An attacker could use this vulnerability to hijack a victim's session by supplying a valid "sessionId" cooki...
PT-2023-2102 · Abb · Abb Infinity Dc Power Plant +1
Name of the Vulnerable Software and Affected Versions: ABB Pulsar Plus System Controller NE843 S; ABB Infinity DC Power Plant H5692448 G104; ABB Infinity DC Power Plant H5692448 G842; ABB Infinity DC Power Plant H5692448 G224L; ABB Infinity DC Power Plant H5692448 G630-4; ABB Infinity DC Power Plant...
Session fixation
A session fixation condition (CWE-384) in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session...
Fortinet FortiWeb Authorization Issue Vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A security vulnerability exists in all...
SUSE CVE-2009-0030
A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this...
SUSE CVE-2012-5886
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to...
SUSE CVE-2019-12746
An issue was discovered in Open Ticket Request System OTRS Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be...