Lucene search
K

318 matches found

packetstorm
packetstorm
added 2016/07/08 12:0 a.m.44 views

BMW ConnectedDrive Session Validation

Document Title: =============== BMW ConnectedDrive - Update VIN Session Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1736 Release Date: ============= 2016-07-07 Vulnerability Laboratory ID VL-ID: ==================================== 1736...

7.4AI score
Exploits0
cnvd
cnvd
added 2016/07/08 12:0 a.m.4 views

IBM UrbanCode Deploy Elevation of Privilege Vulnerability

IBM UrbanCode Deploy is the deployment automation tool. A security vulnerability exists in the IBM UrbanCode Deploy agent's failure to validate server identifiers in JMS sessions or HTTP sessions, which can be exploited by a local attacker to gain root privileges and access arbitrary code...

8.2CVSS6.9AI score0.00327EPSS
Exploits0References1
securityvulns
securityvulns
added 2015/07/26 12:0 a.m.47 views

Cisco Unified MeetingPlace password reset

It's possible to change password without entering previous one and session validation...

10CVSS1.7AI score0.02839EPSS
Exploits0Affected Software1
cnvd
cnvd
added 2015/07/24 12:0 a.m.6 views

Cisco Unified MeetingPlace Web Conferencing Trust Management Vulnerability

Cisco Unified MeetingPlace Web Conferencing is a Cisco Unified MeetingPlace multimedia conferencing solution in the United States Cisco Cisco company's core components. A security vulnerability in the password change feature in Cisco Unified MeetingPlace Web Conferencing versions 8.55 MR3 prior t...

10CVSS7.1AI score0.02839EPSS
Exploits0References1
packetstorm
packetstorm
added 2015/06/11 12:0 a.m.33 views

Heroku Session Validation Issue

Document Title: =============== Heroku Bug Bounty 2 - API Re Auth Session Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1323 Video: http://www.vulnerability-lab.com/getcontent.php?id=1336 Vulnerability Magazine:...

7.4AI score
Exploits0
vulnerlab
vulnerlab
added 2015/06/09 12:0 a.m.36 views

Heroku Bug Bounty #2 - (API) Re Auth Bypass Vulnerability

Document Title: =============== Heroku Bug Bounty 2 - API Re Auth Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1323 Video: http://www.vulnerability-lab.com/getcontent.php?id=1336 Vulnerability Magazine:...

7.1AI score
Exploits0
nvd
nvd
added 2015/06/04 10:59 a.m.12 views

CVE-2015-0763

Cisco Unified MeetingPlace 8.61.2 does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338...

5CVSS6.1AI score0.01948EPSS
Exploits0References2
friendsofphp
friendsofphp
added 2015/01/14 10:0 p.m.10 views

Session validation vulnerability

More info at https://framework.zend.com/security/advisory/ZF2015-01...

7.2AI score
Exploits0Affected Software1
friendsofphp
friendsofphp
added 2015/01/14 10:0 p.m.9 views

Session validation vulnerability

More info at https://framework.zend.com/security/advisory/ZF2015-01...

7.2AI score
Exploits0Affected Software1
hackerone
hackerone
added 2014/06/10 3:30 p.m.33 views

Mavenlink: Non Validation of session after password reset

After a password reset link is requested and a user's password is then changed, not all existing sessions are logged out automatically. Logging in with the new password doesn't invalidate the older session either: I could browse mavenlink using two sessions in two different browsers which were...

3.3AI score
Exploits0
cvelist
cvelist
added 2014/06/04 2:0 p.m.37 views

CVE-2012-5336

lib/base.php in ownCloud before 4.0.8 does not properly validate the userid session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV...

6.1AI score0.01011EPSS
Exploits0References1
exploitpack
exploitpack
added 2012/06/16 12:0 a.m.13 views

Huawei HG866 - Authentication Bypass

Huawei HG866 - Authentication Bypass Exploit Title: Huawei HG866 Authentication Bypass Date: Jun 14 2012 Exploit Author: hkm Vendor Homepage: http://www.huawei.com Version: V1R2C01SPC202, R3.2.4.92sbn - R3.4.2.257sbn, 3FE53864AOCB16 Tested on: HG866GTAVER.C, 01, 02 Advisory:...

0.3AI score
Exploits0
atlassian
atlassian
added 2010/10/26 2:11 a.m.20 views

Intermittent Session Lost During Add/Edit Page in Firefox

We customized Seraph to integrate with our SSO Server. Seraph will perform session validation through cookies. When using firefox, we found that in 1 out of 5 to 8 times when we edit a page or add a new page, we will lose our session and be directed back to the login page. This does not happen in...

0.5AI score
Exploits0Affected Software1
atlassian
atlassian
added 2010/10/26 2:11 a.m.25 views

Intermittent Session Lost During Add/Edit Page in Firefox

We customized Seraph to integrate with our SSO Server. Seraph will perform session validation through cookies. When using firefox, we found that in 1 out of 5 to 8 times when we edit a page or add a new page, we will lose our session and be directed back to the login page. This does not happen in...

0.5AI score
Exploits0Affected Software1
atlassian
atlassian
added 2010/10/26 2:11 a.m.17 views

Intermittent Session Lost During Add/Edit Page in Firefox

We customized Seraph to integrate with our SSO Server. Seraph will perform session validation through cookies. When using firefox, we found that in 1 out of 5 to 8 times when we edit a page or add a new page, we will lose our session and be directed back to the login page. This does not happen in...

0.5AI score
Exploits0
nvd
nvd
added 2006/09/23 12:7 a.m.20 views

CVE-2006-4943

course/jumpto.php in Moodle before 1.6.2 does not validate the session key sesskey before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter...

5CVSS6.2AI score0.01241EPSS
Exploits0References1
cve
cve
added 2006/09/23 12:0 a.m.46 views

CVE-2006-4943

The vulnerability CVE-2006-4943 affects Moodle’s course/jumpto.php prior to version 1.6.2, where the session key (sesskey) is not validated before serving content from arbitrary local URIs. This allows remote attackers to disclose sensitive information via the jump parameter. Affected software: M...

5CVSS6.2AI score0.01241EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2004/06/10 12:0 a.m.31 views

[FULL DISCLOSURE] ASPDOTNETSTOREFRONT Improper Session Validation

ASPDOTNETSTOREFRONT Improper Session Validation Release Date: June 9, 2004 Severity: HIGH Vendor: AspDotNetStorefront.com A Division of Discovery Productions, Inc. Software: Tested on AspDotNetStorefront 3.3 Previous versions may also be affected. Remote: Remotely executed from any web browser...

7AI score
Exploits0
Rows per page
Query Builder