Lucene search
+L

2171 matches found

RedHat Linux
RedHat Linux
added 2007/10/23 3:54 p.m.7 views

php cross-site cookie insertion

The sessionstart function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from 1 PATHINFO, 2 the sessionid function, and 3 the sessionstart function, which...

4.3CVSS6AI score0.07919EPSS
Exploits0References4
securityvulns
securityvulns
added 2007/10/23 12:0 a.m.44 views

Citrix Access Gateway information leak

HTTP session cookie is passed through HTTP GET request parameters, making it possible to leak it value thorugh Referer: field or in the browsing history...

1.6AI score
Exploits0References1Affected Software2
Cent OS
Cent OS
added 2007/09/26 9:3 a.m.92 views

php security update

CentOS Errata and Security Advisory CESA-2007:0889 Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting languag...

7.5CVSS7AI score0.08878EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2007/09/26 8:34 a.m.9 views

php cross-site cookie insertion

The sessionstart function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from 1 PATHINFO, 2 the sessionid function, and 3 the sessionstart function, which...

4.3CVSS6AI score0.07919EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2007/09/26 8:34 a.m.63 views

Moderate: Red Hat Security Advisory: php security update

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server...

7.5CVSS7AI score0.08878EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2007/09/26 12:0 a.m.54 views

RHEL 3 : php (RHSA-2007:0889)

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server...

7.5CVSS7.1AI score0.08878EPSS
Exploits1References17
Tenable Nessus
Tenable Nessus
added 2007/09/25 12:0 a.m.69 views

Fedora Core 6 : php-5.1.6-3.7.fc6 (2007-709)

This update fixes a number of security issues in PHP : - various integer overflow flaws were found in the PHP gd extension. A script that could be forced to resize images from an untrusted source could possibly allow a remote attacker to execute arbitrary code as the apache user. CVE-2007-3996 - ...

7.5CVSS7AI score0.08878EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2007/09/24 12:0 a.m.53 views

CentOS 4 / 5 : php (CESA-2007:0890)

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...

7.5CVSS7AI score0.08878EPSS
Exploits1References12
RedHat Linux
RedHat Linux
added 2007/09/20 1:10 p.m.53 views

Moderate: Red Hat Security Advisory: php security update

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...

7.5CVSS7AI score0.08878EPSS
Exploits1References8
Saint
Saint
added 2007/07/20 12:0 a.m.62 views

Trend Micro OfficeScan session cookie buffer overflow

Added: 07/20/2007 CVE: CVE-2007-3454 BID: 24641 OSVDB: 36629 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem A buffer overflow vulnerability in the CGIOCommon.dll shared library allows remote attackers to execute arbitrary commands by sending ...

10CVSS7.8AI score0.05531EPSS
Exploits4
Saint
Saint
added 2007/07/20 12:0 a.m.38 views

Trend Micro OfficeScan session cookie buffer overflow

Added: 07/20/2007 CVE: CVE-2007-3454 BID: 24641 OSVDB: 36629 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem A buffer overflow vulnerability in the CGIOCommon.dll shared library allows remote attackers to execute arbitrary commands by sending ...

10CVSS7.8AI score0.05531EPSS
Exploits4
securityvulns
securityvulns
added 2007/07/19 12:0 a.m.68 views

Trend Micro OfficeScan multiple security vulnerabilities

Unauthorized access to administration interface, buffer overflow on session cookie parsing...

10CVSS5AI score0.05531EPSS
Exploits4References2Affected Software2
NVD
NVD
added 2007/07/16 10:30 p.m.19 views

CVE-2007-3799

The sessionstart function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from 1 PATHINFO, 2 the sessionid function, and 3 the sessionstart function, which...

4.3CVSS9.5AI score0.07919EPSS
Exploits0References32
Cvelist
Cvelist
added 2007/07/16 10:0 p.m.27 views

CVE-2007-3799

The sessionstart function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from 1 PATHINFO, 2 the sessionid function, and 3 the sessionstart function, which...

7.7AI score0.07919EPSS
Exploits0References32
UbuntuCve
UbuntuCve
added 2007/07/16 12:0 a.m.32 views

CVE-2007-3799

The sessionstart function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from 1 PATHINFO, 2 the sessionid function, and 3 the sessionstart function, which...

4.3CVSS6.1AI score0.07919EPSS
Exploits0References2
seebug.org
seebug.org
added 2007/06/04 12:0 a.m.57 views

PHP EXT/Session HTTP应答头注入漏洞

PHP是一款广泛使用的WEB开发脚本语言。 PHP的ext/session在置于会话COOKIE前没有URL编码会话ID,远程攻击者可以利用漏洞可以对会话COOKIE进行注入攻击。 当PHP' ext/session调用sessionstart,会在部分情况下发送新会话COOKIE,这些情况如下: - session id嵌入到PATHINFO - session id重生成 - session id通过sessionid设置 - sessionstart多次调用...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2007/05/19 12:0 a.m.36 views

HP Systems Insight Manager for Windows unauthorized access

Invalid session cookie processing allows administrative session hijacknig...

2.7AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2007/02/05 12:0 a.m.34 views

Jetty web server weak pseudo-random number generator

Weak PRNG generator is used for session cookie making it's possible to spoof the session id...

6.8CVSS1.7AI score0.01561EPSS
Exploits0References1Affected Software1
myhack58
myhack58
added 2007/01/11 12:0 a.m.15 views

Crack the Session cookie method-vulnerability warning-the black bar safety net

This method, I think, already with the 1,2 years, in the hope that there is a need friends useful. The so-called session cookie, is the site in your login is successful, the Send a cookie that indicates you have passed verification, but with the General cookie The difference is, he will not be...

7AI score
Exploits0
securityvulns
securityvulns
added 2006/09/12 12:0 a.m.69 views

Invalid Lotus Domino Web access sesssion cookie handling

Server accepts session cookie after user logout...

4.3CVSS2.4AI score0.01353EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder