SUSE CVE-2007-1522

Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an...

SUSE CVE-2007-5899

The outputaddrewritevar function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a loca...

SUSE CVE-2016-0706

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended...

SUSE CVE-2020-1773

An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. This issue affects OTRS Community Edition:...

The vulnerability of Websoft HCM’s automation software for HR processes lies in the lack of the “Secure” attribute being set in the authentication session cookies. This allows attackers to carry out attacks aimed at intercepting HTTP network traffic and obtaining the user’s session identifier.

The vulnerability of Websoft HCM’s automation software for HR processes stems from the lack of the “Secure” attribute being set in the authentication session cookies. Exploiting this vulnerability allows a remote attacker to conduct attacks aimed at intercepting HTTP network traffic and obtaining...

BACKCLICK 授权问题漏洞

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability exists in BACKCLICK version 5.9.63, which stems from an insecure implementation of session tracking, and can be exploited by an...

CVE-2022-42787

Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be...

Smart eVision 安全漏洞

Smart eVision Information Technology Smart eVision is a business intelligence platform of China Union Quan Information Technology Smart eVision Information Technology Company. It can integrate business management rooms, dashboards, reports, and input interfaces for business operations management...

HotelDruid 安全漏洞

HotelDruid is a hotel management system by the Digitaldruid.net team. The system includes features such as room management, financial management and inventory management. A security vulnerability exists in HotelDruid Hotel Management Software version v3.0.3 and prior versions, which originates fr...

PT-2022-23192 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 5.7.15 Description: The request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. There are no known workarounds for this issue...

CVE-2022-26647

A vulnerability has been identified in SCALANCE X200-4P IRT All versions V5.5.2, SCALANCE X201-3P IRT All versions V5.5.2, SCALANCE X201-3P IRT PRO All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2P IRT All versions V5.5.2, SCALAN...

SimpleSAMLphp Unauthenticated encryption in CBC mode

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

GHSA-44PR-MGCP-V36R SimpleSAMLphp Unauthenticated encryption in CBC mode

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

GHSA-JG2X-R643-W2CH Jetty Uses Predictable Session Identifiers

Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possib...

CVE-2021-44141

creationtimestamp| type| source ---|---|--- 2022-02-01 18:07:20+00:00| seen| https://t.me/itsecalert/136 2022-02-21 20:11:42+00:00| seen| https://t.me/cibsecurity/37874...

tmate-ssh-server 安全漏洞

Tmate-Ssh-Server is a Tmate Ssh server. tmate-ssh-server suffers from a security vulnerability that could be exploited by an attacker to compromise the integrity of session processing or to obtain read and write session IDs from read-only session symbolic links in this directory...

rubygem-activerecord-session_store: hijack sessions by using timing attacks targeting the session id

A flaw was found in the activerecord-sessionstore Active Record Session Store component through version 1.1.3 for Ruby on Rails where it does not use a constant time approach when delivering information about whether a guessed session ID is valid. This flaw allows remote attackers to leverage...

GHSA-CG3Q-59W7-RVC2 Reliance on Cookies without Validation and Integrity Checking in getgrav/grav

grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking. A cookie with an overly broad path can be accessed through other applications on the same domain. Since cookies often carry sensitive information such as session identifiers, sharing cookies across applications c...

PT-2021-15291 · Unknown · Revive Adserver

Name of the Vulnerable Software and Affected Versions: revive-adserver versions prior to 5.3.0 Description: The issue is related to the generation of session IDs, which is based on the cryptographically insecure uniqid PHP function. This could potentially allow an attacker to brute force session...

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description A malicious actor is able to add new Milestone with a malicious payload, and upon opening the research menu, the XSS payload is being executed. 🕵️‍♂️ Proof of Concept - 1; Log in with a proper roled user - 2; Add a new Milestone to the system at the /tickets/roadmap URI with the +...