
468 matches found

Tenable Nessus
added 2010/12/07 12:0 a.m., 56 views

OpenSSL 1.0.0 < 1.0.0c Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.0c. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0c advisory. - OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allo...

CVSS 7.5, AI score 7.1, EPSS 0.09497
Exploits: 1, References: 5

CVE
added 2010/12/06 10:0 p.m., 109 views

CVE-2008-7270

CVE-2008-7270 affects OpenSSL before 0.9.8j when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, allowing an attacker to modify the session-cached ciphersuite and potentially force a disabled cipher. The issue is triggered by session cache handling and is distinct from CVE-2010-4180. Public d...

CVSS 4.3, AI score 8.1, EPSS 0.03426
Exploits: 0, References: 10, Affected Software: 1

OSV
added 2010/12/06 9:5 p.m., 7 views

CVE-2010-4180

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network...

AI score 7.3
Exploits: 0, References: 67

Prion
added 2010/12/06 9:5 p.m., 27 views

Session fixation

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network...

CVSS 4.3, AI score 6.6, EPSS 0.09497
Exploits: 0, References: 50, Affected Software: 9

RedHat Linux
added 2010/08/04 9:30 p.m., 4 views

tomcat handling of cookie values

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks...

CVSS 4.3, AI score 5.8, EPSS 0.16944
Exploits: 4, References: 4

RedHat Linux
added 2010/08/04 9:30 p.m., 5 views

tomcat handling of cookies

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes "'" as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks...

CVSS 4.3, AI score 5.8, EPSS 0.37497
Exploits: 1, References: 4

OpenVAS
added 2009/12/14 12:0 a.m., 17 views

FreeBSD Ports: rt

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

CVSS 5.8, AI score 6.3, EPSS 0.02745
Exploits: 0, References: 1

NVD
added 2009/12/02 4:30 p.m., 9 views

CVE-2009-3585

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same doma...

CVSS 5.8, AI score 6.3, EPSS 0.02745
Exploits: 0, References: 16

Prion
added 2009/12/02 4:30 p.m., 13 views

Session fixation

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same doma...

CVSS 5.8, AI score 6.6, EPSS 0.02745
Exploits: 0, References: 16, Affected Software: 1

UbuntuCve
added 2009/12/02 4:30 p.m., 20 views

CVE-2009-3585

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same doma...

CVSS 5.8, AI score 5.8, EPSS 0.02745
Exploits: 0, References: 2

UbuntuCve
added 2009/12/02 4:30 p.m., 20 views

CVE-2009-4151

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a relate...

CVSS 5.8, AI score 5.8, EPSS 0.01838
Exploits: 0, References: 2

Cvelist
added 2009/12/02 4:0 p.m., 20 views

CVE-2009-3585

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same doma...

AI score 6.3, EPSS 0.02745
Exploits: 0, References: 16

CVE
added 2009/12/02 4:0 p.m., 64 views

CVE-2009-3585

CVE-2009-3585 concerns a session fixation vulnerability in Best Practical Solutions RT 3.0.0–3.6.9 and 3.8.x–3.8.5, in the SetupSessionCookie flow (html/Elements/SetupSessionCookie). The underlying issue allows remote attackers to hijack a user’s web session by manipulating the session identifier...

CVSS 5.8, AI score 6.2, EPSS 0.02745
Exploits: 0, References: 16, Affected Software: 1

Prion
added 2009/11/13 3:30 p.m., 18 views

Cross site scripting

McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability...

CVSS 4.3, AI score 6.1, EPSS 0.04038
Exploits: 3, References: 9, Affected Software: 1

RedHat Linux
added 2009/11/09 3:37 p.m., 3 views

Improve cookie parsing for tomcat5

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable...

CVSS 5, AI score 6, EPSS 0.62575
Exploits: 5, References: 4

OpenVAS
added 2009/03/06 12:0 a.m., 40 views

RedHat Update for php RHSA-2008:0544-01

Check for the Version of php. OpenVAS Vulnerability Test: RedHat Update for php RHSA-2008:0544-01. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the terms of...

CVSS 10, AI score 9, EPSS 0.04696
Exploits: 3, References: 2

ATTACKERKB
added 2009/02/03 11:30 a.m., 3 views

CVE-2008-6039

Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter...

CVSS 6.8, AI score 5.8, EPSS 0.02062
Exploits: 1, References: 6

securityvulns
added 2009/01/28 12:0 a.m., 67 views

[HACKATTACK Advisory 25012009]ConPresso CMS 4.07 - Session Fixation, XFS, XSS

[HACKATTACK Advisory 25012009] ConPresso CMS 4.07 - Session Fixation, XFS, XSS. Details: Product: ConPresso CMS 4.07; Security-Risk: moderated; Remote-Exploit: yes; Vendor-URL: http://www.conpresso.de/; Vendor-Status: informed; Advisory-Status: not yet published. Credits: Discovered by: David Vieira-Kurz...

AI score 0.5
Exploits: 0

RedHat Linux
added 2008/07/16 9:55 a.m., 56 views

Moderate: Red Hat Security Advisory: php security and bug fix update

Updated php packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...

CVSS 10, AI score 7.3, EPSS 0.04696
Exploits: 3, References: 8

RedHat Linux
added 2008/07/16 9:36 a.m., 7 views

php session ID leakage

The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a loca...

CVSS 4.3, AI score 5.9, EPSS 0.03393
Exploits: 0, References: 4