Lucene search
+L

122 matches found

NVD
NVD
added 2019/09/16 3:15 p.m.25 views

CVE-2019-16354

The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...

4.7CVSS4.5AI score0.00199EPSS
Exploits0References1
Prion
Prion
added 2019/09/16 3:15 p.m.15 views

Session fixation

The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files...

2.1CVSS5.3AI score0.00362EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/09/16 2:12 p.m.62 views

CVE-2019-16355

The CVE-2019-16355 entry concerns Beego’s File Session Manager in Beego 1.10.0, where local attackers can read session files due to weak per-file permissions. Multiple connected sources (Red Hat, OSV entries) reiterate that Beego’s File Session Manager permits information disclosure via improper ...

5.5CVSS5.1AI score0.00362EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/09/16 2:10 p.m.22 views

CVE-2019-16354

The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...

4.4AI score0.00199EPSS
Exploits0References1
NVD
NVD
added 2019/08/01 3:15 p.m.12 views

CVE-2018-20914

In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files SEC-368...

7.3CVSS7.2AI score0.00834EPSS
Exploits0References1
Prion
Prion
added 2019/08/01 3:15 p.m.17 views

Command injection

In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files SEC-368...

4.9CVSS7.2AI score0.00834EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/08/01 2:15 p.m.5 views

CVE-2018-20886

cPanel before 74.0.0 insecurely stores phpMyAdmin session files SEC-418...

5.3CVSS5.8AI score0.00349EPSS
Exploits0References2
NVD
NVD
added 2019/08/01 2:15 p.m.25 views

CVE-2018-20886

cPanel before 74.0.0 insecurely stores phpMyAdmin session files SEC-418...

5.3CVSS5.4AI score0.00349EPSS
Exploits0References2
Prion
Prion
added 2019/08/01 2:15 p.m.25 views

Design/Logic Flaw

cPanel before 74.0.0 insecurely stores phpMyAdmin session files SEC-418...

4.6CVSS5.4AI score0.00349EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/08/01 1:1 p.m.39 views

CVE-2018-20886

CVE-2018-20886 affects cPanel prior to version 74.0.0, where phpMyAdmin session files are stored insecurely. The entry cites a storage flaw that can impact confidentiality, integrity, and availability at a partial level (local access required; low attack complexity). Exploitation status and speci...

5.3CVSS5.3AI score0.00349EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/08/01 1:1 p.m.25 views

CVE-2018-20886

cPanel before 74.0.0 insecurely stores phpMyAdmin session files SEC-418...

5.4AI score0.00349EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/17 12:0 a.m.11 views

CentOS Control Web Panel Elevation of Privilege Vulnerability

CentOS Web Panel CWP is a free web hosting control panel. A security vulnerability exists in CWP version 0.9.8.836. An attacker can exploit the vulnerability by uploading specially crafted session files to the /tmp directory with the help of the cwpsrv-xxx cookie, which can then be used to gain...

8.5CVSS7.1AI score0.2577EPSS
Exploits5References1
NVD
NVD
added 2014/10/20 3:55 p.m.31 views

CVE-2014-5447

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions 644 for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103...

2.1CVSS5.7AI score0.0037EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2014/10/20 3:55 p.m.38 views

CVE-2014-5447

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions 644 for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103...

2.1CVSS6.1AI score0.0037EPSS
Exploits0References2
Prion
Prion
added 2014/10/20 3:55 p.m.33 views

Design/Logic Flaw

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions 644 for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103...

2.1CVSS6.3AI score0.00383EPSS
Exploits0References5Affected Software2
CVE
CVE
added 2014/10/20 3:0 p.m.60 views

CVE-2014-5447

Technical details for CVE-2014-5447 are not publicly available in the provided documents. No concrete exploit vectors or affected versions are disclosed here; monitor for updates.

2.1CVSS5.1AI score0.0037EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2014/10/20 3:0 p.m.32 views

CVE-2014-5447

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions 644 for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103...

5.2AI score0.0037EPSS
Exploits0References5
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.80 views

ownCloud Unencrypted Private Key Exposure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Senderek Web Security - Security Advisory ownCloud Unencrypted Private Key Exposure ========================================= https://senderek.ie/archive/2014/owncloudunencryptedprivatekeyexposure.php Revision: 1.00 Last Updated: 3 Aug 2014 Summary: I...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2014/10/14 12:0 a.m.87 views

[ MDVSA-2014:182 ] zarafa

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:182 http://www.mandriva.com/en/support/security/ Package : zarafa Date : September 24, 2014 Affected: Business Server 1.0 Problem Description: Updated zarafa packages fix security vulnerabilities: Robert...

2.1CVSS5.4AI score0.00424EPSS
Exploits0
Prion
Prion
added 2014/07/29 2:55 p.m.28 views

Information disclosure

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files...

2.1CVSS5.9AI score0.00383EPSS
Exploits0References6Affected Software3
Rows per page
Query Builder