Lucene search
K

52 matches found

CNNVD
CNNVD
added 2022/11/16 12:0 a.m.6 views

BACKCLICK 授权问题漏洞

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability exists in BACKCLICK version 5.9.63, which stems from an insecure implementation of session tracking, and can be exploited by an...

8.8CVSS7.9AI score0.00804EPSS
Exploits1References4
CVE
CVE
added 2022/11/16 12:0 a.m.56 views

CVE-2022-44007

BACKCLICK Professional 5.9.63 is affected by a Session Fixation flaw stemming from an unsafe session-tracking implementation. An attacker could entice a user to open an authenticated session using a known session identifier. The issue is documented across multiple sources (e.g., Red Hat, PT-Secur...

8.8CVSS8.5AI score0.00804EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/16 12:0 a.m.3 views

PT-2022-27069 · Unknown · Backclick Professional

Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to an unsafe implementation of session tracking, making it possible for an attacker to trick users into opening an authenticated user session for a session...

8.8CVSS6.8AI score0.00804EPSS
Exploits1References5
OSV
OSV
added 2022/05/14 3:55 a.m.8 views

GHSA-376M-3RM2-9JM6 Session Fixation in ipsilon

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active...

9.1CVSS8.9AI score0.02119EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2021/10/28 9:10 p.m.56 views

CVE-2021-20324

A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication. The highest threat from this vulnerability is to data confidentiality and integrity. Mitigation This attack is...

4.2CVSS1.5AI score
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2021/10/15 6:49 p.m.53 views

Metasploit Wrap-Up

An Especially Spooky Season for Moodle This release has not one, two, or three, but FOUR authenticated Moodle exploit modules, or should I say moodules? H00die comes through again with not just modules, but also an artisanal, bespoke library to support further work. Two target the spell check...

9CVSS9.2AI score0.24173EPSS
Exploits19
OSV
OSV
added 2019/09/13 1:15 p.m.3 views

CVE-2016-10955

The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking...

9.8CVSS5.8AI score0.02433EPSS
Exploits2References2
NVD
NVD
added 2019/09/13 1:15 p.m.21 views

CVE-2016-10955

The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking...

9.8CVSS9.7AI score0.02433EPSS
Exploits2References2
Prion
Prion
added 2019/09/13 1:15 p.m.16 views

Unrestricted file upload

The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking...

7.5CVSS7.3AI score0.02433EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2019/09/13 12:17 p.m.144 views

CVE-2016-10955

The CVE-2016-10955 affects the WordPress plugin cysteme-finder (before version 1.4). The root cause is incorrect session tracking that allows unrestricted file upload, enabling an attacker to upload, view, or delete files on the server. Red Hat and CNVD entries confirm the same description, and W...

9.8CVSS9.5AI score0.02433EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2019/09/13 12:17 p.m.21 views

CVE-2016-10955

The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking...

9.7AI score0.02433EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2016/11/21 12:0 a.m.3 views

PT-2017-9715

Name of the Vulnerable Software and Affected Versions ipsilon versions 1.0 through 1.0.2 ipsilon versions 1.1 through 1.1.1 ipsilon versions 1.2 through 1.2.0 ipsilon versions 2.0 through 2.0.1 Description A issue was found that allows an attacker to log out active sessions of other users. This i...

9.1CVSS7.2AI score0.02119EPSS
Exploits0References21
myhack58
myhack58
added 2015/04/21 12:0 a.m.13 views

Safari browser cookie access vulnerability affects billions of Apple products-vulnerability warning-the black bar safety net

Present in the Safari browser in a cookie access Vulnerability, CVE-2 0 1 5-1 1 2 6 may affect billions of Apple products, if you are using Safari, be sure to as soon as possible to detect whether it is affected by the vulnerability, if affected Please as soon as possible repair. FreeBuf science:...

6.5AI score
Exploits0
securityvulns
securityvulns
added 2014/10/18 12:0 a.m.123 views

APPLE-SA-2014-10-16-1 OS X Yosemite v10.10

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-1 OS X Yosemite v10.10 OS X Yosemite v10.10 is now available and addresses the following: 802.1X Impact: An attacker can obtain WiFi credentials Description: An attacker could have impersonated a WiFi access point, offered to...

10CVSS0.6AI score0.99999EPSS
Exploits161
RedHat Linux
RedHat Linux
added 2014/05/21 3:45 p.m.61 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 tomcat6 security update

An update for the Apache Tomcat 6 component for Red Hat JBoss Web Server 2.0.1 that fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CV...

7.5CVSS6.5AI score0.83175EPSS
Exploits13References6
NVD
NVD
added 2013/10/28 9:55 p.m.27 views

CVE-2012-4529

The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id 1 via a man-in-the-middle attack ...

4.3CVSS5.5AI score0.01977EPSS
Exploits0References6
Cvelist
Cvelist
added 2013/10/28 9:0 p.m.28 views

CVE-2012-4529

The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id 1 via a man-in-the-middle attack ...

5.5AI score0.01977EPSS
Exploits0References6
Prion
Prion
added 2013/09/16 1:2 p.m.22 views

Design/Logic Flaw

Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access...

5.5CVSS6.2AI score0.0171EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/05/21 12:0 a.m.53 views

RHEL 5 : JBoss EAP (RHSA-2013:0839)

Updated JBoss Enterprise Application Platform 6.1.0 packages that fix three security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...

6.8CVSS6.8AI score0.07147EPSS
Exploits2References11
RedHat Linux
RedHat Linux
added 2013/05/20 3:26 p.m.63 views

Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 6.1.0 update

Updated JBoss Enterprise Application Platform 6.1.0 packages that fix three security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...

6.8CVSS6.8AI score0.07147EPSS
Exploits2References6
Rows per page
Query Builder