318 matches found
BMW ConnectedDrive Session Validation
Document Title: =============== BMW ConnectedDrive - Update VIN Session Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1736 Release Date: ============= 2016-07-07 Vulnerability Laboratory ID VL-ID: ==================================== 1736...
IBM UrbanCode Deploy Elevation of Privilege Vulnerability
IBM UrbanCode Deploy is the deployment automation tool. A security vulnerability exists in the IBM UrbanCode Deploy agent's failure to validate server identifiers in JMS sessions or HTTP sessions, which can be exploited by a local attacker to gain root privileges and access arbitrary code...
Cisco Unified MeetingPlace password reset
It's possible to change password without entering previous one and session validation...
Cisco Unified MeetingPlace Web Conferencing Trust Management Vulnerability
Cisco Unified MeetingPlace Web Conferencing is a Cisco Unified MeetingPlace multimedia conferencing solution in the United States Cisco Cisco company's core components. A security vulnerability in the password change feature in Cisco Unified MeetingPlace Web Conferencing versions 8.55 MR3 prior t...
Heroku Session Validation Issue
Document Title: =============== Heroku Bug Bounty 2 - API Re Auth Session Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1323 Video: http://www.vulnerability-lab.com/getcontent.php?id=1336 Vulnerability Magazine:...
Heroku Bug Bounty #2 - (API) Re Auth Bypass Vulnerability
Document Title: =============== Heroku Bug Bounty 2 - API Re Auth Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1323 Video: http://www.vulnerability-lab.com/getcontent.php?id=1336 Vulnerability Magazine:...
CVE-2015-0763
Cisco Unified MeetingPlace 8.61.2 does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338...
Session validation vulnerability
More info at https://framework.zend.com/security/advisory/ZF2015-01...
Session validation vulnerability
More info at https://framework.zend.com/security/advisory/ZF2015-01...
Mavenlink: Non Validation of session after password reset
After a password reset link is requested and a user's password is then changed, not all existing sessions are logged out automatically. Logging in with the new password doesn't invalidate the older session either: I could browse mavenlink using two sessions in two different browsers which were...
CVE-2012-5336
lib/base.php in ownCloud before 4.0.8 does not properly validate the userid session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV...
Huawei HG866 - Authentication Bypass
Huawei HG866 - Authentication Bypass Exploit Title: Huawei HG866 Authentication Bypass Date: Jun 14 2012 Exploit Author: hkm Vendor Homepage: http://www.huawei.com Version: V1R2C01SPC202, R3.2.4.92sbn - R3.4.2.257sbn, 3FE53864AOCB16 Tested on: HG866GTAVER.C, 01, 02 Advisory:...
Intermittent Session Lost During Add/Edit Page in Firefox
We customized Seraph to integrate with our SSO Server. Seraph will perform session validation through cookies. When using firefox, we found that in 1 out of 5 to 8 times when we edit a page or add a new page, we will lose our session and be directed back to the login page. This does not happen in...
Intermittent Session Lost During Add/Edit Page in Firefox
We customized Seraph to integrate with our SSO Server. Seraph will perform session validation through cookies. When using firefox, we found that in 1 out of 5 to 8 times when we edit a page or add a new page, we will lose our session and be directed back to the login page. This does not happen in...
Intermittent Session Lost During Add/Edit Page in Firefox
We customized Seraph to integrate with our SSO Server. Seraph will perform session validation through cookies. When using firefox, we found that in 1 out of 5 to 8 times when we edit a page or add a new page, we will lose our session and be directed back to the login page. This does not happen in...
CVE-2006-4943
course/jumpto.php in Moodle before 1.6.2 does not validate the session key sesskey before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter...
CVE-2006-4943
The vulnerability CVE-2006-4943 affects Moodle’s course/jumpto.php prior to version 1.6.2, where the session key (sesskey) is not validated before serving content from arbitrary local URIs. This allows remote attackers to disclose sensitive information via the jump parameter. Affected software: M...
[FULL DISCLOSURE] ASPDOTNETSTOREFRONT Improper Session Validation
ASPDOTNETSTOREFRONT Improper Session Validation Release Date: June 9, 2004 Severity: HIGH Vendor: AspDotNetStorefront.com A Division of Discovery Productions, Inc. Software: Tested on AspDotNetStorefront 3.3 Previous versions may also be affected. Remote: Remotely executed from any web browser...