Lucene search
K

133 matches found

Positive Technologies
Positive Technologies
added 2013/05/29 12:0 a.m.4 views

PT-2013-58: Insufficient Session Security in Huawei M2000

The specialists of the Positive Research center have detected an Insufficient Session Security vulnerability in Huawei M2000. Access rights storage mechanism is vulnerable to cryptographic attacks. An attacker may calculate the new checksum and obtain elevated privileges via brute force attack. H...

5.1CVSS7.2AI score
Exploits0References3
Atlassian
Atlassian
added 2010/06/25 4:47 p.m.18 views

Logout Button / Option Missing for some LDAP user accounts

Instance Details / Description: The logout option to kill sessions is not present for some user accounts i,e, the zzsvat01-05 test accounts. It is believed that this is caused by LDAP user accounts that don't have a first and / or last name present. For these specific rare instances i.e. probably...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/06/25 4:47 p.m.18 views

Logout Button / Option Missing for some LDAP user accounts

Instance Details / Description: The logout option to kill sessions is not present for some user accounts i,e, the zzsvat01-05 test accounts. It is believed that this is caused by LDAP user accounts that don't have a first and / or last name present. For these specific rare instances i.e. probably...

0.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2010/04/01 12:14 a.m.6 views

TLS: MITM attacks via session renegotiation

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

9.8CVSS6.9AI score0.87264EPSS
Exploits14References4
RedHat Linux
RedHat Linux
added 2010/03/25 9:20 a.m.5 views

TLS: MITM attacks via session renegotiation

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

9.8CVSS6.9AI score0.87264EPSS
Exploits14References4
CVE
CVE
added 2008/01/23 1:0 a.m.116 views

CVE-2008-0128

Apache Tomcat 5.x before 5.5.21 is affected by CVE-2008-0128: when the SingleSignOn valve is used over HTTPS, the JSESSIONIDSSO cookie is not marked secure, allowing it to be sent over HTTP and potentially captured by an attacker via a crafted HTTP request. This information is supported by multip...

5CVSS9AI score0.19622EPSS
Exploits0References22Affected Software1
exploitpack
exploitpack
added 2007/06/16 12:0 a.m.17 views

PHPMyInventory 2.8 - global.inc.php Remote File Inclusion

PHPMyInventory 2.8 - global.inc.php Remote File Inclusion phpMyInventory pmi v. 2.8 FOUND BY : o0xxdark0o o0xxdark0oatmsn.com DOWNLOAD : http://sourceforge.net/projects/phpmyinventory/ REMOTE FILE ICLUDE FILE : PATH\Includes\global.inc.php EXPLOIT:...

0.3AI score
Exploits0
NVD
NVD
added 2006/03/22 2:2 a.m.13 views

CVE-2006-1358

Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user...

5CVSS6.5AI score0.0186EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.28 views

Debian DSA-388-1 : kdebase - several vulnerabilities

Two vulnerabilities were discovered in kdebase : - CAN-2003-0690 : KDM in KDE 3.1.3 and earlier does not verify whether the pamsetcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain...

10CVSS5.4AI score0.02678EPSS
Exploits0References3
Cvelist
Cvelist
added 2004/07/21 4:0 a.m.19 views

CVE-2004-0701

Sun Ray Server Software SRSS 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which could cause a user session to stay logged in and allow local users to gain unauthorized access...

6.5AI score0.00348EPSS
Exploits0References4
exploitpack
exploitpack
added 2001/06/24 12:0 a.m.19 views

XFree86 X11R6 3.3 XDM - Session Cookie Guessing

XFree86 X11R6 3.3 XDM - Session Cookie Guessing // source: https://www.securityfocus.com/bid/2985/info xdm is the X Display Manager, a component of the XFree86 package. xdm manages the display of X sessions both locally and remotely. An xdm server compiled without WrapHelp.c is vulnerable to a...

Exploits0
Cvelist
Cvelist
added 2000/10/13 4:0 a.m.23 views

CVE-2000-0519

Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities...

6.7AI score0.04835EPSS
Exploits0References5
NVD
NVD
added 1998/11/12 5:0 a.m.12 views

CVE-1999-1025

CDE screen lock program screenlock on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to login with any string...

4.6CVSS0.00351EPSS
Exploits0References3
Rows per page
Query Builder