1114 matches found
Novell GroupWise <= 8.0 WebAccess Multiple Security Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/35066/info Novell GroupWise WebAccess is prone to multiple security vulnerabilities. An attacker may leverage these issues to bypass certain security restrictions or conduct cross-site scripting attacks. Note that some of...
Simple Machines forum (SMF) 2.0 session hijacking
No description provided by source. Simple Machines forum SMF 2.0 session hijacking Found by The X-C3LL and seth http://0verl0ad.blogspot.com/ || http://xd-blog.com.ar/ 2011-08-06 Website: http://www.simplemachines.org/ Greets: yoyahack, eddyw, www.portalhacker.net SMF stops csrf attacks sending a...
CA 2E Web Option 8.1.2 - Authentication Bypass
No description provided by source. Vulnerability title: Unauthenticated Privilege Escalation in CA 2E Web Option CVE: CVE-2014-1219 Vendor: CA Product: 2E Web Option Affected version: 8.1.2 Fixed version: N/A Reported by: Mike Emery Details: CA 2E Web Option r8.1.2 and potentially others, is...
ZeroShell 'cgi-bin/kerbynet' - Local File Disclosure Vulnerability
No description provided by source. Introduction to the PoC : ====================================================================== In this distribution, the managment website is a binary file named kerbynet interpreted in cgi-bin directory here : /cdrom/usr/local/apache2/cgi-bin/kerbynet So all...
IRCCloud: Session Token is not Verified while changing Account Setting's which Result In account Takeover
Hello IrcCloud Security Team, Vulnerability Detail's:- Session Token is not Verified while changing Account Setting's which Result In account Takeover Description:- I have found that while changing Setting Session token is not verified .So an attacker can basically plot a CSRF attack which would...
IRCCloud: Unsecure cookies, cookie flag secure not set
Since you are running on a secure connection, https, you should be ensuring that everything runs securely on your client's / visitors case. I have check the cookie session of IRCCloud and found out that it is not flag as secure. Whenever a cookie contains sensitive information or is a session...
CA 2E Web Option session spooging
Pridictable session token...
MediaWiki 'theloadFromSession'函数信息泄露漏洞
BUGTRAQ ID:65883 CVE ID:CVE-2014-2243 MediaWiki是一款Wiki程序。 MediaWiki的includes/User.php脚本'theloadFromSession'函数存在安全漏洞。远程攻击者可通过实施暴力破解攻击利用该漏洞获取会话令牌的访问权限。 0 MediaWiki Mediawiki 2.0.18 MediaWiki Mediawiki = 1.19.11 MediaWiki Mediawiki 1.20.x MediaWiki Mediawiki 1.21.x1.21.6 MediaWiki Mediawiki...
CA 2E Web Option 8.1.2身份验证绕过漏洞
CVECAN ID: CVE-2014-1219 CA 2E Web Option是CA 2E应用Web接口开发工具。 CA 2E Web Option r8.1.2生成会议令牌的方式可以预测,在实现上存在安全漏洞,这可使远程攻击者绕过身份验证机制。 0 CA 2E Web Option 8.1.2 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.ca.com/us//media/files/productbriefs/cs3003-ca-2e-web-option.aspx Vulnerability title:...
CVE-2014-1219
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2ESSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to...
CVE-2014-1219
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2ESSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to...
CA 2E Web Option 8.1.2 - Authentication Bypass Vulnerability
Exploit for multiple platform in category web applications Details: CA 2E Web Option r8.1.2 and potentially others, is vulnerable to unauthenticated privilege escalation via a predictable session token. The POST parameter session token W2ESSNID appears as follows:...
CA 2E Web Option 8.1.2 - Authentication Bypass
CA 2E Web Option 8.1.2 - Authentication Bypass Vulnerability title: Unauthenticated Privilege Escalation in CA 2E Web Option CVE: CVE-2014-1219 Vendor: CA Product: 2E Web Option Affected version: 8.1.2 Fixed version: N/A Reported by: Mike Emery Details: CA 2E Web Option r8.1.2 and potentially...
CA 2E Web Option 8.1.2 Privilege Escalation / Denial Of Service
This is a multi-part message in MIME format. ------=NextPart00101CF280B.6C29886A Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Vulnerability title: Unauthenticated Privilege Escalation in CA 2E Web Option CVE: CVE-2014-1219 Vendor: CA Product: 2E Web...
CA 2E Web Option 8.1.2 - Authentication Bypass
Vulnerability title: Unauthenticated Privilege Escalation in CA 2E Web Option CVE: CVE-2014-1219 Vendor: CA Product: 2E Web Option Affected version: 8.1.2 Fixed version: N/A Reported by: Mike Emery Details: CA 2E Web Option r8.1.2 and potentially others, is vulnerable to unauthenticated privilege...
CVE-2013-5450
IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly protected URL to obtain a session token...
Authentication flaw
IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly protected URL to obtain a session token...
CVE-2013-5450
CVE-2013-5450 affects IBM Security AppScan Enterprise versions 8.5 through 8.7.0.1 when Jazz authentication is enabled. The root issue is an improperly protected URL that can be leveraged in a man-in-the-middle scenario to obtain sensitive information or modify data by obtaining a session token. ...
CVE-2013-5450
IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly protected URL to obtain a session token...
ZeroShell cgi-binkerbynet - Local File Disclosure
ZeroShell cgi-binkerbynet - Local File Disclosure Introduction to the PoC : ====================================================================== In this distribution, the managment website is a binary file named "kerbynet" interpreted in cgi-bin directory here :...