CVE-2017-12870

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

CVE-2017-12870

CVE-2017-12870 affects SimpleSAMLphp 1.14.12 and earlier. The issue arises from the use of AES encrypt/decrypt in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers, enabling MITM attackers to obtain sensitive information. The connected sour...

Xiamen Dragon Pulse website building system products.asp page sid parameter SQL injection vulnerability

Xiamen Dragon Pulse Network is a website building system. Xiamen Dragon Pulse Network website builder system products.asp page sid parameter exists SQL injection vulnerability, an attacker can use the vulnerability to obtain database sensitive information...

The vulnerability of the autonomous configuration tool for the visualization and control system “U.motion Builder” arises from the use of a constant identifier for the active session, allowing attackers to bypass the authentication process.

The vulnerability of the autonomous configuration tool for the U.motion Builder visualization and control system arises from the use of a constant identifier for the active session. Exploiting this vulnerability allows a malicious actor to bypass the authentication process by using a specially...

SAP NetWeaver AS JAVA Cross-Site Scripting Vulnerability

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform, the platform can provide the development and operation environment for SAP applications. SAP NetWeaver AS Application Server Java is a run in NetWeaver and based on the Java programming language...

BSA-2017-318

Security Advisory ID : BSA-2017-318 Component : SSH1 Revision : 1.0: Interim The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a...

Schneider Electric U.motion Builder Embedded Session ID Authentication Bypass Vulnerability

U.motion Builder is a builder product from Schneider Electric France. A session ID authentication bypass vulnerability exists in Schneider Electric U.motion Builder Embedded. The application has a hard-coded static session ID.By embedding the session ID in an HTTP cookie, an attacker can bypass t...

CVE-2017-6617

Cisco IMC (Integrated Management Controller) 3.0(1c) Web GUI is vulnerable to session hijacking due to not issuing a new session identifier after user authentication. An unauthenticated, remote attacker could reuse a hijacked session to access an authenticated user’s browser session. This is docu...

Multiple IBM Products Session Identifier Vulnerabilities

IBM Financial Transaction Manager FTM for ACH Services, among others, is a financial transaction manager product from IBM Corporation in the United States, which is used to monitor, track and report on financial payments and transactions. A security vulnerability exists in a number of IBM product...

Multiple Huawei Server Design Vulnerabilities

Huawei Tecal RH1288 V2 and others are servers from Huawei, a Chinese company. A security vulnerability exists in several Huawei servers. An attacker can exploit the vulnerability by guessing the session ID used by another user to access the system with a fake identity...

tomcat: information disclosure due to incorrect Processor sharing

A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body...

dnaLIMS DNA Sequencing - Directory Traversal Session Hijacking Cross-Site Scripting

dnaLIMS DNA Sequencing - Directory Traversal Session Hijacking Cross-Site Scripting Title: Multiple vulnerabilities discovered in dnaLIMS DNA sequencing web-application Advisory URL: https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/ Date published: Mar 08, 2017...

dnaLIMS Code Execution / XSS / Traversal / Session Hijacking Vulnerabilities

dnaLIMS DNA sequencing application suffers from an improperly protected web shell, a directory traversal, insecure password storage, session hijacking, cross site scripting, and improperly protected content vulnerabilities. Title: Multiple vulnerabilities discovered in dnaLIMS DNA sequencing...

Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Privilege Escalation Vulnerability

Exploit for windows platform in category remote exploits Title: Trendmicro InterScan Privilege Escalation Vulnerability Publication Date: 2017.02.15 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-002.txt 1. Vulnerability Details Affected Vendor: Trendmicro Affected...

CVE-2016-5953

IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL...

Code injection

IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL...

CVE-2016-5953

IBM Sterling Order Management is affected by CVE-2016-5953, where the session identifier is transmitted in the URL and exposed on error pages as Base64-encoded data. The IBM security bulletin lists affected releases in the Sterling Selling and Fulfillment Foundation family (9.1.0, 9.2.0, 9.2.1, 9...

CVE-2016-5953

IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL...

tomcat: Session fixation

A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests...

Sophos Web Appliance 4.2.1.3 Privilege Escalation

KL-001-2016-008 : Sophos Web Appliance Privilege Escalation Title: Sophos Web Appliance Privilege Escalation Advisory ID: KL-001-2016-008 Publication Date: 2016.11.03 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-008.txt 1. Vulnerability Details Affected Vendor: Soph...