Lucene search
K

1822 matches found

Tenable Nessus
Tenable Nessus
added 2009/07/21 12:0 a.m.12 views

openSUSE Security Update : xrdp (xrdp-443)

This update fixes multiple buffer overflows that can be exploited remotely to execute arbitrary code. Additionally xrdp does not register remote session as local anymore. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...

6.2AI score
Exploits0References2
exploitpack
exploitpack
added 2009/05/29 12:0 a.m.27 views

Arab Portal 2.2 - Authentication Bypass

Arab Portal 2.2 - Authentication Bypass Script Name : Arab portal 2.2 Remote Auth SQL Bypass Vulnerabilitiy Script home : http://www.arab-portal.info/arabportal22.zip Exploit risk level : High Found By : RoMaNcYxHaCkEr RXH Written By : Sniper Code S.C.T - 443 Our home : WwW.Sec-Code.CoM Security ...

0.1AI score
Exploits0
NVD
NVD
added 2009/05/26 3:30 p.m.23 views

CVE-2009-1634

The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors...

7.5CVSS6.9AI score0.07217EPSS
Exploits0References6
Prion
Prion
added 2009/05/26 3:30 p.m.23 views

Session fixation

The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors...

7.5CVSS7.5AI score0.07217EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2009/05/26 3:16 p.m.28 views

CVE-2009-1634

The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors...

6.9AI score0.07217EPSS
Exploits0References6
CVE
CVE
added 2009/05/26 3:16 p.m.55 views

CVE-2009-1634

The CVE-2009-1634 affects the WebAccess component in Novell GroupWise 7.x (before 7.03 HP3) and 8.x (before 8.0 HP2). It arises from improper session management, allowing remote attackers to gain access to user accounts via unspecified vectors. According to NVD, the vulnerability has CVSSv2 base ...

7.5CVSS7.1AI score0.07217EPSS
Exploits0References6Affected Software1
securityvulns
securityvulns
added 2009/04/03 12:0 a.m.3233 views

glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit

?php / glFusion = 1.1.2 COMapplyFilter/cookies remote blind sql injection exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.glfusion.org/ google dork: "Page created in" "seconds by glFusion" +RSS Found another vector of injection in...

7.9AI score
Exploits0
securityvulns
securityvulns
added 2009/03/24 12:0 a.m.61 views

Rittal CMC-TC Processing Unit II multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Louhi Networks Oy -= Security Advisory =- Advisory: Rittal CMC-TC Processing Unit II multiple vulnerabilities Release Date: 2009-03-23 Last Modified: 2009-03-22 Authors: Henri Lindberg, CISA henri d0t lindberg at louhi d0t fi Application: Rittal...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2009/03/23 12:0 a.m.50 views

Rittal CMC-TC Processing Unit II XSS / Command Execution

Louhi Networks Oy -= Security Advisory =- Advisory: Rittal CMC-TC Processing Unit II multiple vulnerabilities Release Date: 2009-03-23 Last Modified: 2009-03-22 Authors: Henri Lindberg, CISA henri d0t lindberg at louhi d0t fi Application: Rittal CMC-TC PU II Web management Devices: CMC-TC PU II D...

0.4AI score
Exploits0
exploitpack
exploitpack
added 2009/03/23 12:0 a.m.42 views

Rittal CMC-TC Processing Unit II - Multiple Vulnerabilities

Rittal CMC-TC Processing Unit II - Multiple Vulnerabilities Louhi Networks Oy -= Security Advisory =- Advisory: Rittal CMC-TC Processing Unit II multiple vulnerabilities Release Date: 2009-03-23 Last Modified: 2009-03-22 Authors: Henri Lindberg, CISA henri d0t lindberg at louhi d0t fi Application...

0.5AI score
Exploits0
RedHat Linux
RedHat Linux
added 2009/01/19 9:16 p.m.2 views

squirrelmail: session management flaw

A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this...

6.5CVSS5.8AI score0.02159EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2008/12/15 12:0 a.m.15 views

Fedora 9 : phpMyAdmin-3.1.1-1.fc9 (2008-11208)

Improvements for 3.1.1.0: - core Navi panel server links wrong - core bad session.savepath not detected - core Re-login causes PMA to forget current table name - export do not include view name in export - display enable copying of auto increment by default - core do not bail out creating session...

5.6AI score
Exploits0References2
securityvulns
securityvulns
added 2008/11/27 12:0 a.m.56 views

[HACKATTACK Advisory 20081127]Social Impress CMS 1.1 - Session Fixation

HACKATTACK Advisory 3Social Impress CMS 1.1 - Session Fixation Details Product: Impress CMS Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.impresscms.info Vendor-Status: informed Advisory-Status: not yet published Credits Discovered by: David Vieira-Kurz...

0.6AI score
Exploits0
Atlassian
Atlassian
added 2008/11/13 3:49 a.m.16 views

Session must not be invalidated on logout

People ran into problems|http://forums.atlassian.com/thread.jspa?forumID=101&threadID=29965 because we started invalidating the session on logout in 2.9.2. They expect certain session attributes like the seraph LOGGEDOUTKEY to be present. This means we need to remove all session attributes except...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/11/13 3:49 a.m.19 views

Session must not be invalidated on logout

People ran into problems|http://forums.atlassian.com/thread.jspa?forumID=101&threadID=29965 because we started invalidating the session on logout in 2.9.2. They expect certain session attributes like the seraph LOGGEDOUTKEY to be present. This means we need to remove all session attributes except...

2.8AI score
Exploits0
seebug.org
seebug.org
added 2008/10/09 12:0 a.m.19 views

Cisco Unity 7.0存在多个漏洞

BUGTRAQ ID: 31642 CNCAN ID:CNCAN-2008100906 Cisco Unity是一款面向企业级机构的统一通信解决方案。 Cisco Unity存在多个安全问题,包括: -Unity监听在动态UDP端口的多个服务处理特殊报文存在拒绝服务攻击。 -Unity server共享目录可泄漏信息给所有域用户。 -Unity server的会话管理看起来受限制,允许恶意用户使用所有可用户会话对合法管理者进行拒绝服务访问。要恢复新会话功能需要重新启动系统,重新启动默认WEB将不奏效。 -存在输入验证问题,导致多个跨站脚本攻击。 Cisco Unity 7.0...

6.9AI score
Exploits0
Exploit DB
Exploit DB
added 2008/10/01 12:0 a.m.42 views

MySQL Quick Admin 1.5.5 - 'cookie' Local File Inclusion

MySQL Quick Admin = 1.5.5 COOKIE Local File Inclusion Vulnerability url: http://www.mysqlquickadmin.com/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it at your own risk. Author will b...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2008/07/18 12:0 a.m.21 views

CGI::Session CGISESSID Cookie值目录遍历漏洞

BUGTRAQ ID: 30267 CGI::Session是一个Perl5库,可提供可靠易用的模块化会话管理系统。 CGI::Session没有充分的过滤CGISESSID cookie值便将其用在了File驱动中创建会话数据文件的文件名。如果远程攻击者在cookie值中注入了目录遍历序列,就会导致File驱动从配置的会话数据目录以外的任意文件读取会话数据。 仅在满足了所有以下条件的情况下才可以利用这个漏洞: 1 Web应用使用了CGI::Session中的File驱动管理会话。 2 Web应用部署于基于Windows的系统。 3...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2008/06/21 12:0 a.m.29 views

Virtual Support Office-XP <= 3.0.29 Multiple Remote Vulnerabilities

No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: Virtual Support Office-XP Multiple Vulnerabilities. Vendor: www.vso-xp.com Vulnerable Version: 3.0.29, 3.0.27 and prior versions Exploit: Available Impact: High Fix: N/A Original Advisory:...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2008/06/20 12:0 a.m.28 views

Virtual Support Office XP 3.0.29 - Multiple Vulnerabilities

Virtual Support Office XP 3.0.29 - Multiple Vulnerabilities www.BugReport.ir AmnPardaz Security Research Team Title: Virtual Support Office-XP Multiple Vulnerabilities. Vendor: www.vso-xp.com Vulnerable Version: 3.0.29, 3.0.27 and prior versions Exploit: Available Impact: High Fix: N/A Original...

7.6AI score
Exploits0
Rows per page
Query Builder