
113 matches found

myhack58 | added 2010/02/25 12:0 a.m. | 24 views

ESCMS vulnerability website system 0day-vulnerability warning-the black bar safety net

Version: ESCMS V1.0 SP1 Build 1125. Background login authentication is done through admin/check.asp; look at the code: % if Request.cookiesCookiesKey"ESadmin"="" then 'Note here: it validates by COOKIE whether ESadmin is empty, so we can forge a value to make it non-empty 'CookiesKey i...

7.3 AI score | Exploits: 0
myhack58 | added 2007/09/06 12:0 a.m. | 13 views

Cross-site attack to achieve Http session hijacking techniques-vulnerability warning-the black bar safety net

A Web application is by 2 ways to determine and keep track of different users: a Cookie or Session, also called session Cookies. Wherein the Cookie is stored on the local computer, the expiration time is very long, so for the Cookie of the means of attack is generally to steal user Cookies and then...

6.6 AI score | Exploits: 0
myhack58 | added 2007/04/26 12:0 a.m. | 11 views

Hackers newbies tutorial of the well known Cookies to the file spoofing-vulnerability warning-the black bar safety net

First, a few basic concepts Cookies deception, is in only for the user to do the Cookies the authentication of the system, by modifying Cookies of the content to obtain the appropriate user permissions to log on. So what is Cookies?, I'm here to give you a professional explanation, Cookies are...

0.1 AI score | Exploits: 0
Packet Storm | added 2006/09/08 12:0 a.m. | 49 views

sqlledger.txt

Hi all; I have received many requests from security professions responsible for the security of Linux distros to move the full disclosure ahead. Now that I am reasonably sure that the full scope of the problem is known and fixed in the fix that Chris Murtagh and myself put together, it has been...

7.5 CVSS | 6.4 AI score | 0.01811 EPSS | Exploits: 4
myhack58 | added 2006/07/12 12:0 a.m. | 22 views

Cross-site achieve HTTP session hijacking-vulnerability warning-the black bar safety net

A Web application is by 2 ways to determine and keep track of different users: a Cookie or Session also called session-Cookie is. Wherein the Cookie is stored on the local computer, the expiration time is very long, so for the Cookie of the means of attack is generally to steal user Cookies and...

6.6 AI score | Exploits: 0
securityvulns | added 2005/03/16 12:0 a.m. | 25 views

[ISR] Insecure communication and Reproduce the Session authentication

|| || ISR || Infobyte Security Research || www.infobyte.com.ar || 03.15.2005 || .:: SUMMARY Novell iChain Administration HTTP Server: - Insecure communication - Reproduce the Session authentication Version: IChain Version v2.3, It is suspected that all previous versions of IChan are vulnerable. ....

7.4 AI score | Exploits: 0
NVD | added 2005/01/10 5:0 a.m. | 17 views

CVE-2004-1219

paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attacks by listing the contents of the sessions directory and reading the associated file for the...

5 CVSS | 7 AI score | 0.023 EPSS | Exploits: 0 | References: 4
Cvelist | added 2004/12/15 5:0 a.m. | 25 views

CVE-2004-1219

paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attacks by listing the contents of the sessions directory and reading the associated file for the...

6.9 AI score | 0.023 EPSS | Exploits: 0 | References: 4
securityvulns | added 2004/12/08 12:0 a.m. | 32 views

Multiple Vulnerabilities in paFileDB 3.1

ECHOADV09$2004 --------------------------------------------------------------------------- Multiple Vulnerabilities in paFileDB 3.1 --------------------------------------------------------------------------- Author: y3dips Date: November, 26th 2004 Location: Indonesia, Jakarta Web:...

0.2 AI score | Exploits: 0
CVE | added 2004/09/01 4:0 a.m. | 49 views

CVE-2002-0396

The CVE-2002-0396 issue affects Red-M 1050 AP web management server. It does not require site-wide credentials for every request; session state is not tied to a logged-in user, enabling an attacker from the same IP as a valid session to access the management interface. The impact is described as ...

7.5 CVSS | 6.6 AI score | 0.01469 EPSS | Exploits: 1 | References: 3 | Affected Software: 1
securityvulns | added 2004/07/08 12:0 a.m. | 37 views

Passid EasyDisk protection bypass

If EasyDisk was accessed from same system in previous session, authentication is not required to access EasyDisk encrypted files after reboot...

3.6 AI score | Exploits: 0 | References: 1
securityvulns | added 2003/01/21 12:0 a.m. | 34 views

Multiple Vulnerabilties In PHPLinks

phpLinks is an open source free PHP script. phpLinks allows you to run a very powerful link farm or search engine. phpLinks has multilevel site categorization, infinite threaded search capabilities and more. phpLinks is very simple to setup There lies a fault in the include/add.php script that...

6.3 AI score | Exploits: 0
securityvulns | added 2003/01/21 12:0 a.m. | 40 views

Multiple PHP Topsites Vulnerabities found

Multiple PHP Topsites Vulnerabities found PHP TopSites is a PHP/MySQL-based customizable TopList script. Main features include: Easy configuration config file; MySQL database backend; unlimited categories, Site rating on incoming votes; Special Rating from Webmaster; anti-cheating gateway; Random...

7.9 AI score | Exploits: 0