Lucene search
K

443 matches found

CVE
CVE
added 2015/06/16 4:0 p.m.53 views

CVE-2015-2804

CVE-2015-2804 affects Alcatel-Lucent OmniSwitch models (6450, 6250, 6850E, 9000E, 6400, 6855) with AOS firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02. The vulnerability is weak session identifier generation in the management web interface, enabling remote session hijacking via brut...

4.3CVSS7AI score0.02026EPSS
Exploits3References5Affected Software1
0day.today
0day.today
added 2015/05/27 12:0 a.m.61 views

Sendio ESP Information Disclosure Vulnerability

Exploit for jsp platform in category web applications 1. Advisory Information Title: Sendio ESP Information Disclosure Vulnerability Advisory ID: CORE-2015-0010 Advisory URL: http://www.coresecurity.com/advisories/sendio-esp-information-disclosure-vulnerability Date published: 2015-05-22 Date of...

5CVSS6.5AI score0.06651EPSS
Exploits6
exploitpack
exploitpack
added 2015/05/26 12:0 a.m.94 views

Sendio ESP - Information Disclosure

Sendio ESP - Information Disclosure 1. Advisory Information Title: Sendio ESP Information Disclosure Vulnerability Advisory ID: CORE-2015-0010 Advisory URL: http://www.coresecurity.com/advisories/sendio-esp-information-disclosure-vulnerability Date published: 2015-05-22 Date of last update:...

5CVSS6.3AI score0.06651EPSS
Exploits6
CNVD
CNVD
added 2015/05/15 12:0 a.m.6 views

Trend Micro ScanMail for Microsoft Exchange Authentication Bypass Vulnerability

Trend Micro ScanMail for Microsoft Exchange is a virus scanning program for Exchange mail servers. Trend Micro ScanMail for Microsoft Exchange SMEX prior to 10.2 Hot Fix Build 3318 and prior to 11.0 Hot Fix Build 4180 uses a guessable random number generator to generate the session ID of the WEB...

5CVSS6.8AI score0.02302EPSS
Exploits0References1
CNVD
CNVD
added 2015/04/30 12:0 a.m.7 views

Novell ZENworks Session ID Disclosure Vulnerability

Novell ZENworks is a suite of software that supports automated IT management and business process management across resources within an organization. A security vulnerability in the Rtrlet.class class of Novell ZENworks allows remote attackers to submit a special POST request to obtain sensitive...

7.5CVSS6.8AI score0.0659EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/05/20 10:0 a.m.22 views

CVE-2014-2193

Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084...

6.6AI score0.00958EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2013/02/20 9:33 p.m.8 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

7.5CVSS6.5AI score0.11779EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:52 p.m.6 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

7.5CVSS6.5AI score0.11779EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:31 p.m.8 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

7.5CVSS6.5AI score0.11779EPSS
Exploits1References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/11/16 5:10 a.m.5 views

Monaca Debugger for Android information management vulnerability

Overview Monaca Debugger for Android contains an information management vulnerability. Monaca Debugger provided by Asial Corporation contains an issue where account information of the product or other information such as session IDs are saved in a log file. KuMaGa ShiRoIHi reported this...

5CVSS6.5AI score0.01354EPSS
Exploits0References5
Opera Security Advisories
Opera Security Advisories
added 2012/11/02 12:0 a.m.11 views

CORS requests can incorrectly retrieve contents of cross origin pages – Opera Security Advisories

CORS Cross-Origin Resource Sharing allows web pages to retrieve the contents of pages from other sites, with their permission, as they would appear for the current user. When requests are made in this way, the browser should only allow the page content to be retrieved if the target site sends the...

5.8AI score
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/07/15 7:32 a.m.1 views

ASP.NET vulnerable to cross-site scripting

Overview ASP.NET may create web applications for mobile devices that contain a cross-site scripting vulnerability. ASP.NET contains an issue in the handling of session ID's in mobile devices. When "Mobile Controls" are used in ASP.NET to develop web applications for mobile devices, the applicatio...

4.3CVSS6.2AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2010/11/30 12:0 a.m.52 views

RHEL 4 / 5 : php (RHSA-2010:0919)

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...

6.8CVSS6.7AI score0.11528EPSS
Exploits7References15
RedHat Linux
RedHat Linux
added 2010/11/29 9:31 p.m.37 views

Moderate: Red Hat Security Advisory: php security update

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...

6.8CVSS7.2AI score0.11528EPSS
Exploits7References8
ATTACKERKB
ATTACKERKB
added 2009/06/22 8:30 p.m.2 views

CVE-2009-2165

SerendipityNZ aka SimpleBoxes Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id...

7.5CVSS5.6AI score0.01402EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2008/07/16 12:0 a.m.48 views

RHEL 2.1 : php (RHSA-2008:0546)

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. ...

10CVSS8.4AI score0.04289EPSS
Exploits2References15
Tenable Nessus
Tenable Nessus
added 2008/07/16 12:0 a.m.254 views

RHEL 3 / 5 : php (RHSA-2008:0544)

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...

10CVSS7.9AI score0.04696EPSS
Exploits3References13
RedHat Linux
RedHat Linux
added 2007/11/26 1:56 p.m.6 views

tomcat handling of cookie values

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks...

4.3CVSS5.8AI score0.16944EPSS
Exploits4References4
securityvulns
securityvulns
added 2007/06/03 12:0 a.m.85 views

[MajorSecurity Advisory #49]Calimero.CMS - Session fixation Issue

MajorSecurity Advisory 49Calimero.CMS - Session fixation Issue Details ======= Product: Calimero.CMS Affected version: 3.3.1232 and prior Remote-Exploit: yes Vendor-URL: http://www.calimero-cms.de Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David...

0.5AI score
Exploits0
NVD
NVD
added 2007/02/07 11:28 a.m.10 views

CVE-2006-6969

Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possib...

6.8CVSS7AI score0.01561EPSS
Exploits0References8
Rows per page
Query Builder