465 matches found
GHSA-XG5V-696H-C3VR Cloud Foundry UAA SessionID present in Audit Event Logs
In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versio...
Security Bulletin: IBM Sterling Order Management is affected by a vulnerability (CVE-2016-5953)
Summary: IBM Sterling Order Management is vulnerable by exposing the session identifier on an error page. Vulnerability Details: CVEID: CVE-2016-5953. DESCRIPTION: IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not...
Jetty Uses Predictable Session Identifiers
Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.Random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possib...
PT-2022-17165 · Thinvnc · Thinvnc
Name of the Vulnerable Software and Affected Versions: ThinVNC version 1.0b1. Description: The issue allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. This can lead to code...
Cisco Small Business Buffer Error Vulnerability
Cisco Small Business is a switch from Cisco USA. A buffer error vulnerability exists in the Cisco Small Business RV Series routers, which results from the use of weak entropy in the session identifier generation function. An attacker could exploit this vulnerability by using brute force to...
CVE-2021-39066
Summary: CVE-2021-39066 affects IBM Financial Transaction Manager for SWIFT Services (multiplatform) version 3.2.4. The vulnerability arises because the product does not invalidate an existing session after certain events, enabling an attacker to hijack an authenticated session. This is documente...
CVE-2021-39066
IBM Financial Transaction Manager 3.2.4 does not invalidate any existing session identifier, which gives an attacker the opportunity to steal authenticated sessions. IBM X-Force ID: 215040...
CVE-2021-46308
An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation System 1.0 via the sid parameter...
Sourcecodester Online Railway Reservation system SQL Injection Vulnerability
SourceCodester Online Railway Reservation system is a web-based application that provides an online platform for rail or train station passengers or potential passengers to browse their schedules and reserve seats. SourceCodester Online Railway Reservation system is vulnerable to a SQL injection...
CVE-2021-44649
creationtimestamp | type | source
---|---|---
2022-01-12 16:17:06+00:00 | seen | https://t.me/cibsecurity/35327...
UBUNTU-CVE-2021-44512
World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory...
Mitre Corporation Gfos Workforce Management Authorization Issue Vulnerability
Gfos Workforce Management, a workforce management system from Mitre Corporation, U.S.A. A security vulnerability exists in Gfos Workforce Management, which stems from poor JSESSIONID management, where the application's login page is prone to bypass authentication and an attacker can use...
CVE-2021-37974
creationtimestamp | type | source
---|---|---
2021-10-01 08:56:19+00:00 | seen | https://t.me/truesecator/2167
2021-10-01 09:59:25+00:00 | exploited | https://t.me/SecLabNews/10975...
CVE-2021-37723
creationtimestamp | type | source
---|---|---
2021-09-07 16:17:14+00:00 | seen | https://t.me/cibsecurity/28331...
CSRF token exposure in TYPO3 extension
When using the CsrfTokenViewHelper, the extension discloses the user's session identifier in HTML output without applying any additional cryptographic hashing. This vulnerability cannot be exploited directly and occurs in combination with a chained attack, for instance Cross Site...
Cross-site Scripting (XSS) - Stored in yogeshojha/rengine
Description: A malicious actor is able to add "To-do" with a malicious payload to any target, and upon opening the target's summary, the XSS payload is being executed. Proof of Concept: 1. Create a scan with any domain 2. Start scanning the target 3. Add a "To-do" with any title and with the...
PT-2021-22509 · Netmodule · Netmodule Nb1600 +14
Name of the Vulnerable Software and Affected Versions: NetModule NB800 versions prior to 4.3.0.113; NetModule NB1600 versions prior to 4.4.0.111; NetModule NB1601 versions prior to 4.4.0.111; NetModule NB1800 versions prior to 4.4.0.111; NetModule NB1810 versions prior to 4.4.0.111; NetModule NB2700...
CVE-2021-36793
The routes aka Extbase Yaml Routes extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output...
Information disclosure
The routes aka Extbase Yaml Routes extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output...