250 matches found
CVE-2005-2149
config.php in Cacti 0.8.6e and earlier allows remote attackers to set the nohttpheaders switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks...
ht://Dig: Cross-site scripting vulnerability
Background ht://Dig is an HTTP/HTML indexing and searching system. Description Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct cross-site scripting attacks...
CVE-2004-0755
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions...
GLSA-200408-02 : Courier: XSS vulnerability in SqWebMail
The remote host is affected by the vulnerability described in GLSA-200408-02 Courier: XSS vulnerability in SqWebMail Luca Legato found that SqWebMail is vulnerable to a cross-site scripting XSS attack. An XSS attack allows an attacker to insert malicious code into a web-based application. SqWebMa...
Courier: Cross-site scripting vulnerability in SqWebMail
Background Courier is an integrated mail and groupware server based on open protocols. It provides ESMTP, IMAP, POP3, webmail, and mailing list services within a single framework. The webmail functionality included in Courier called SqWebMail allows you to access mailboxes from a web browser...
Vignette Story Server sensitive information disclosure (a040703-1)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Vignette Story Server sensitive information disclosure Release Date: 04/07/2003 Application: Vignette Story Server v4.1, 6 Platform: Windows / Unix Severity: A remote user can extract sessi...
CVE-2001-0402
IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port...
CVE-2001-0402
CVE-2001-0402 affects IPFilter 3.4.16 and earlier. The issue is that the module does not include sufficient session information in its cache, enabling a remote attacker to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrest...
CVE-2000-0539
Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet...
Apache Httpd < 1.3.12 : Cross-site scripting can reveal private session information
Apache was vulnerable to cross site scripting issues. It was shown that malicious HTML tags can be embedded in client web requests if the server or script handling the request does not carefully encode all information displayed to the user. Using these vulnerabilities attackers could, for example...