56 matches found
Design/Logic Flaw
HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later...
HCL Technologies iNotes Information Disclosure Vulnerability
HCL iNotes is software from HCL India that allows management of IBM Domino mail, scheduling of errands, and other office activity management. HCL iNotes suffers from a sensitive cookie disclosure vulnerability. An attacker can exploit this vulnerability to capture cookies by intercepting the...
The vulnerability of the BI Workspace module of the SAP BusinessObjects Business Intelligence platform allows a hacker to elevate their privileges by intercepting sessions or exposing protected information.
The vulnerability of the BI Workspace module of the SAP BusinessObjects Business Intelligence platform exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to elevate their privileges by intercepting sessions or disclose...
The vulnerability of the TrueConf Server software lies in the lack of a mechanism to terminate the user’s access session, allowing attackers to intercept the user’s session.
The vulnerability of the TrueConf Server software is related to the absence of a mechanism to terminate the user’s access session. Exploiting this vulnerability could allow a malicious actor to intercept the user’s session...
The vulnerability of the web interface of Belden Hirschmann’s network switches models RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS allows an intruder to gain unauthorized access and intercept web sessions.
The vulnerability of Belden Hirschmann’s network switch web interfaces for models series RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS is related to improper session management. Exploiting this vulnerability can allow an attacker to gain unauthorized access and intercept web sessions...
The vulnerability of the ICE data exchange library X11 libICE, related to the use of a weak entropy source for key generation, allows a hacker to intercept sessions.
The vulnerability of the ICE data exchange library X11 libICE is related to the use of a weak entropy source for key generation. Exploiting this vulnerability allows an attacker to intercept sessions by using information from the process list...
CVE-2017-9491
The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST; Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST; Cisco DPC3939B firmware version dpc3939b-v303r204217-150321a-CMCST; Cisco DPC3941T firmware version DPC39412.5s3PRODsey; an...
The vulnerability of the software system for managing enterprise assets in IBM Maximo Asset Management allows a perpetrator to gain access to another user’s session.
The vulnerability of the session identifier of the IBM Maximo Asset Management software management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to intercept a session or gain access to another user’s...
CVE-2016-0353
IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
The vulnerability of the Siemens SIMATIC S7-1200 programmable logic controller allows a malicious actor to intercept communication sessions.
The software of the Siemens SIMATIC S7-1200 programmable logic controller contains a vulnerability in the random number generator integrated into the authentication handler of the web server. During operation, it is possible to intercept a communication session by adjusting the session identifier...
Vulnerability of Cisco ACE software, which allows a malicious actor to intercept sessions
The vulnerability exists in OpenSSL due to an improper limitation on the processing of ChangeCipherSpec messages. Exploiting this vulnerability allows a malicious actor to induce the use of a null-length master key in the OpenSSL-to-OpenSSL communication, thereby intercepting the session or gaini...
Vulnerability of Cisco ASA software, allowing a malicious actor to intercept sessions
The vulnerability exists in OpenSSL due to an improper limitation on the processing of ChangeCipherSpec messages. Exploiting this vulnerability allows a malicious actor to induce the use of a null-length master key in the OpenSSL-to-OpenSSL communication, thereby intercepting the session or gaini...
The vulnerability of Cisco IPS software allows a malicious actor to intercept sessions.
The vulnerability exists in OpenSSL due to an improper limitation on the processing of ChangeCipherSpec messages. Exploiting this vulnerability allows a malicious actor to induce the use of a null-length master key in the OpenSSL-to-OpenSSL communication, thereby intercepting the session or gaini...
The vulnerability of Cisco PIX software allows a malicious actor to intercept sessions.
The vulnerability in the Cisco PIX Firewall allows a malicious actor to intercept a user’s VPN session...
D-Link DSL-2740R Web Interface Authentication Bypass Vulnerability
The D-Link DSL-2740R is a home wireless ADSL router. An authentication bypass vulnerability exists in the D-Link DSL-2740R web interface, which can be exploited by attackers to modify DNS settings, intercept sessions, or launch denial of service attacks...
Invision Power Board <= 2.1.7 ACTIVE XSS/SQL Injection Exploit
No description provided by source. ---- INVISION POWER BOARD 2.1.7 EXPLOIT ... ITDefence.ru Antichat.ru INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION Eugene Minaev [email protected] ...