434 matches found
CVE-2020-2103
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page...
CVE-2020-2103
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page...
Code injection
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page...
CVE-2020-2103
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page...
CVE-2019-4411
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658...
Magento Authorization Issues Vulnerability (CNVD-2019-40734)
Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions . Magento has an authorization problem vulnerability. An unauthenticated attacker can exploit this vulnerability t...
Unspecified Vulnerability in IBM Cognos Controller
IBM Cognos Controller is a suite of business intelligence and planning solutions from IBM in the United States. The product features process automation, financial audit control, and the creation and management of financial reports. A security vulnerability exists in IBM Cognos Controller that ste...
F5 BIG-IP and F5 BIG-IP APM Clients Information Disclosure Vulnerability
F5 BIG-IP APM Clients and F5 BIG-IP are both products of F5 Corporation, U.S.A. F5 BIG-IP APM Clients is a suite of APM client software.F5 BIG-IP is an application delivery platform that integrates the functions of network traffic management, application security management and load balancing. An...
CVE-2018-15513
Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role...
CVE-2019-14473
eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. pp...
CVE-2019-10049
It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code that is executed in the context of the victim use...
Design/Logic Flaw
It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code that is executed in the context of the victim use...
GHSA-54MG-VGRP-MWX9 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Ratpack
Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. This means that if an attacker can determine a small window for the server start time and obtain a session ID value, they can theoretically determine the sequence of session IDs...
The vulnerability of the Jenkins automation server allows a hacker to reuse registration data or session identifiers for authentication purposes.
The vulnerability of the Jenkins automation server is related to incorrect session duration. Exploiting this vulnerability allows a malicious actor to repeatedly use registration data or session identifiers for authentication purposes...
CVE-2018-11741
NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=&GOTO8 URIs...
GHSA-V6WR-FCH2-VM5W OrientDB Server Community Edition uses insufficiently random values to generate session IDs
OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values in the server/network/protocol/http/OHttpSessionManager.java, which makes it easier for remote attackers to predict a value by...
CVE-2018-17888
NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution...
Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ
It was found that Hawtio console does not set HTTPOnly or Secure attributes on cookies. An attacker could use this flaw to rerieve an authenticated user's SessionID, and possibly conduct further attacks with the permissions of the authenticated user...
Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available
Summary There are multiple security vulnerabilities in various components used by IBM Security Identity Manager Virtual Appliance Vulnerability Details CVEID: CVE-2016-0330 DESCRIPTION: IBM Security Identity Manager Virtual Appliance uses a weak password algorithm which allows users to create...
CVE-2017-12870
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...