
438 matches found

OSV
added 2018/10/12 2:29 p.m., 4 views

CVE-2018-17888

NUUO CMS, all versions 3.1 and prior: the application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution...

9.8 CVSS | 6.1 AI score | 0.29639 EPSS
Exploits: 2 | References: 2

RedHat Linux
added 2018/10/01 7:42 p.m., 3 views

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ

It was found that Hawtio console does not set HTTPOnly or Secure attributes on cookies. An attacker could use this flaw to retrieve an authenticated user's SessionID, and possibly conduct further attacks with the permissions of the authenticated user...

7.5 CVSS | 5.8 AI score | 0.02204 EPSS
Exploits: 0 | References: 4

IBM Security Bulletins
added 2018/06/16 9:43 p.m., 68 views

Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available

Summary: There are multiple security vulnerabilities in various components used by IBM Security Identity Manager Virtual Appliance. Vulnerability Details: CVEID: CVE-2016-0330. DESCRIPTION: IBM Security Identity Manager Virtual Appliance uses a weak password algorithm which allows users to create...

10 CVSS | 1.7 AI score | 0.89058 EPSS
Exploits: 7 | Affected Software: 1

NVD
added 2017/09/01 1:29 p.m., 43 views

CVE-2017-12870

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

5.9 CVSS | 5.4 AI score | 0.00875 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2017/09/01 1:29 p.m., 22 views

CVE-2017-12870

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

5.9 CVSS | 6.2 AI score | 0.00875 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2017/09/01 1:29 p.m., 4 views

CVE-2017-12870

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

5.9 CVSS | 5.5 AI score | 0.00875 EPSS
Exploits: 0 | References: 2

Prion
added 2017/09/01 1:29 p.m., 16 views

Code injection

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

4.3 CVSS | 5.5 AI score | 0.00875 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2017/09/01 1:0 p.m., 44 views

CVE-2017-12870

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

5.4 AI score | 0.00875 EPSS
Exploits: 0 | References: 1

Debian CVE
added 2017/09/01 1:0 p.m., 27 views

CVE-2017-12870

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

5.9 CVSS | 5.4 AI score | 0.00875 EPSS
Exploits: 0

CNVD
added 2017/08/30 12:0 a.m., 10 views

IBM Sametime Session Enumeration Vulnerability

IBM Sametime is a suite of next-generation social communication tools from IBM in the United States. The tool helps users realize real-time business collaboration by integrating audio voice, data and video. A security vulnerability exists in IBM Sametime versions 8.5.2 and 9.0. An attacker could...

4.3 CVSS | 4.8 AI score | 0.00962 EPSS
Exploits: 0 | References: 1

CNVD
added 2017/04/25 12:0 a.m., 2 views

Cisco Integrated Management Controller Hijacked Session Vulnerability

Cisco Integrated Management Controller (IMC) is a set of tools from the U.S. company Cisco for managing the UCS (Unified Computing System); it supports HTTP, SSH access, etc., and can perform shutdown and reboot operations on the server. A security vulnerability exists in the session...

5.4 CVSS | 7.1 AI score | 0.00967 EPSS
Exploits: 0 | References: 1

CNVD
added 2017/04/10 12:0 a.m., 4 views

Schneider Electric Modicon PLC Multiple Authentication Bypass Vulnerability (CNVD-2017-04918)

Modicon PLCs are programmable controller products used in industries such as dams, energy, food and agriculture, and more. A multiple authentication bypass vulnerability exists in the Schneider Electric Modicon PLC, where an attacker accessing the OT network could intercept traffic to the target...

9.8 CVSS | 7.3 AI score | 0.05139 EPSS
Exploits: 0 | References: 1

CNVD
added 2017/04/07 12:0 a.m., 2 views

Multiple Huawei server information leakage vulnerabilities

Huawei Tecal RH1288 V2 and others are servers from Huawei, a Chinese company. An information disclosure vulnerability exists in several Huawei servers. The vulnerability can be exploited by an attacker to view the session IDs of all online users in the Online Users page of the Web UI...

6.5 CVSS | 6.2 AI score | 0.00592 EPSS
Exploits: 0 | References: 1

CNVD
added 2017/04/05 12:0 a.m., 1 views

Hak5 WiFi Pineapple Pre-Configured Command Injection Vulnerability

Hak5 WiFi Pineapple is a penetration testing tool used in offensive wireless campaigns. A command injection vulnerability exists in the Hak5 WiFi Pineapple preconfiguration, which can be exploited by an attacker to use predictable anti-CSRF tokens based on session IDs...

7.5 CVSS | 7.6 AI score | 0.36954 EPSS
Exploits: 7 | References: 1

RedHat Linux
added 2017/03/07 7:6 p.m., 5 views

tomcat: information disclosure due to incorrect Processor sharing

A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body...

7.5 CVSS | 7.4 AI score | 0.16038 EPSS
Exploits: 0 | References: 8

RedHat Linux
added 2017/03/07 7:5 p.m., 2 views

tomcat: information disclosure due to incorrect Processor sharing

A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body...

7.5 CVSS | 7.4 AI score | 0.16038 EPSS
Exploits: 0 | References: 8

CNVD
added 2017/02/10 12:0 a.m., 0 views

Revive Adserver REVIVE-SA-2017-001 Session Fixation Vulnerability

Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A session fixation vulnerability exists in Revive Adserver 4.0.0 and earlier versions. An attacker can exploit...

5.9 CVSS | 6.1 AI score | 0.01167 EPSS
Exploits: 0 | References: 1

OSV
added 2017/02/09 3:59 p.m., 1 views

CVE-2016-9244

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible...

7.5 CVSS | 7.1 AI score | 0.74 EPSS
Exploits: 7 | References: 8

OSV
added 2017/02/01 10:59 p.m., 3 views

CVE-2016-5953

IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL...

3.7 CVSS | 5.8 AI score | 0.00842 EPSS
Exploits: 0 | References: 2

RedHat Linux
added 2016/11/03 8:12 a.m., 4 views

tomcat: security manager bypass via StatusManagerServlet

It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs...

4.3 CVSS | 7.2 AI score | 0.06232 EPSS
Exploits: 0 | References: 5