465 matches found
CVE-2018-18926
Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron...
CVE-2018-13282
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter...
CVE-2018-5385
Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter, which can lead to bypassing the two-factor authentication in some installations. This could lead to phishing attacks that can bypass the two-factor authentication that is present in some...
CVE-2018-14387
An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authenticate against the server using the same session identifier. The attacker can access the user's...
Session fixation
A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The vulnerability exists because the affected...
CVE-2018-0359
A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The vulnerability exists because the affected...
Symfony Session Fixation Vulnerability
Symfony is a free, MVC-based PHP development framework from the French company Sensio Labs. It provides commonly used functional components and tools and can be used to quickly build complex web applications. Security is one of its components. A session fixation...
CVE-2018-1532
IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430...
CVE-2018-10211
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultizesessionid" value in a cookie...
IBM Integration Bus Session Hijacking Vulnerability
IBM Integration Bus, formerly known as IBM WebSphere Message Broker, is an enterprise service bus (ESB) product from IBM. The product provides connectivity and common data transformations for Service Oriented Architecture (SOA) environments and non-SOA environments. A session hijacking vulnerability...
Synology Photostation 6.7.2-3429 - Remote Code Execution (Metasploit)
Synology Photostation 6.7.2-3429 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Synology PhotoStation Multiple Vulnerabilities", 'Description' = %q This modul...
Synology Photostation 6.7.2-3429 - Remote Code Execution Exploit
Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Synology PhotoStation Multiple Vulnerabilities", 'Description' = %q This module exploits...
Synology PhotoStation 6.7.2-3429 Remote Root
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Synology PhotoStation Multiple Vulnerabilities", 'Description' = %q This module exploits multiple vulnerabilities in Synology PhotoStation. When...
CVE-2017-14332
Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values...
Extreme EXOS Session Hijacking Vulnerability
Extreme EXOS is a new generation modular switch operating system from Extreme Networks. A session hijacking vulnerability exists in Extreme EXOS. A remote attacker can exploit this vulnerability by determining the SessionID value to hijack a session...
Red Hat JBoss A-MQ Hawtio console security bypass vulnerability
Red Hat JBoss A-MQ is an open source messaging platform from Red Hat, Inc. that integrates applications and devices and provides various messaging modes to support real-time messaging. The platform is used to integrate applications, endpoints and devices, and provides a variety of messaging...
PT-2017-11811 · Red Hat +1 · Freeipa +1
Name of the Vulnerable Software and Affected Versions: FreeIPA versions 4.x Description: The issue allows a remote authenticated user to bypass intended account-locking restrictions via an unlock action with an old session ID for the same user account that had been created for an earlier session...
CVE-2015-4683
Polycom RealPresence Resource Manager aka RPRM before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests...