465 matches found
Cisco Prime Home Authentication Bypass Vulnerability
A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to a processing error in the role-based access control...
CVE-2016-6394
Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503...
Cisco FireSIGHT System Software Session Fixation Vulnerability
A vulnerability in session identification management functionality of the web-based management interface for Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to hijack a valid user session. The vulnerability exists because the affected application does not assign a...
CVE-2016-0339
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records."...
Symphony CMS Session Fixation Vulnerability
Symphony CMS is a content management system developed in PHP and MySQL. A session fixation vulnerability exists in Symphony CMS when session.use_only_cookies is enabled in the program, which can be exploited by a remote attacker to hijack a web session by submitting the PHPSESSID parameter...
CVE-2016-0910
The CVE-2016-0910 entry concerns EMC Data Domain OS. Affected versions are 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0. The vulnerability arises because GUI session identifiers are stored in a world-readable file, enabling a local attacker to hijack arbitrary accounts via uns...
WeBid SQL Injection Vulnerability
WebID is the serial number of ESET antivirus software that can be obtained automatically. An SQL injection vulnerability exists in WeBid. Because the '$SESSION"id"' talkback variable is not properly filtered, an attacker can exploit the vulnerability to alter raw SQL queries and execute arbitrary...
CVE-2006-4433
PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier PHPSESSID for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session...
EMC SourceOne Email Supervisor Session Hijacking Vulnerability
EMC SourceOne Email Supervisor is an email and IM content monitoring and management solution. A session hijacking vulnerability exists in the implementation of EMC SourceOne Email Supervisor Reviewer. An attacker could exploit this vulnerability to guess the session ID of another user...
CVE-2015-2029
Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier...
Session fixation
Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier...
CVE-2015-4306
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka...
Code injection
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka...
CVE-2015-4306
Cisco Prime Collaboration Assurance web framework before 10.5.1.53684-1 is vulnerable to a session-ID-based escalation where remote authenticated users can bypass login restrictions and impersonate administrators for arbitrary tenant domains via crafted URLs (CVE-2015-4306; related CVEs 4304/4305...
Cisco Unified MeetingPlace Information Disclosure Vulnerability
Cisco Unified MeetingPlace conferencing solutions allow organizations to host integrated voice, video, and web conferences. Cisco Unified MeetingPlace 8.61.2 fails to properly validate session IDs within HTTP URLs, which can be exploited by remote attackers to obtain sensitive session information...
CVE-2014-0999
Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header...
CVE-2014-0999
Sendio ESP is affected by CVE-2014-0999 (and CVE-2014-8391) in versions prior to 7.2.4. The issue arises from including the session cookie (jsessionid) in web interface URLs, causing the session identifier to be exposed via the Referrer header when accessing email content. This enables potential ...