52 matches found
BACKCLICK 授权问题漏洞
BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability exists in BACKCLICK version 5.9.63, which stems from an insecure implementation of session tracking, and can be exploited by an...
CVE-2022-44007
BACKCLICK Professional 5.9.63 is affected by a Session Fixation flaw stemming from an unsafe session-tracking implementation. An attacker could entice a user to open an authenticated session using a known session identifier. The issue is documented across multiple sources (e.g., Red Hat, PT-Secur...
PT-2022-27069 · Unknown · Backclick Professional
Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to an unsafe implementation of session tracking, making it possible for an attacker to trick users into opening an authenticated user session for a session...
GHSA-376M-3RM2-9JM6 Session Fixation in ipsilon
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active...
CVE-2021-20324
A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication. The highest threat from this vulnerability is to data confidentiality and integrity. Mitigation This attack is...
Metasploit Wrap-Up
An Especially Spooky Season for Moodle This release has not one, two, or three, but FOUR authenticated Moodle exploit modules, or should I say moodules? H00die comes through again with not just modules, but also an artisanal, bespoke library to support further work. Two target the spell check...
CVE-2016-10955
The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking...
CVE-2016-10955
The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking...
Unrestricted file upload
The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking...
CVE-2016-10955
The CVE-2016-10955 affects the WordPress plugin cysteme-finder (before version 1.4). The root cause is incorrect session tracking that allows unrestricted file upload, enabling an attacker to upload, view, or delete files on the server. Red Hat and CNVD entries confirm the same description, and W...
CVE-2016-10955
The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking...
PT-2017-9715
Name of the Vulnerable Software and Affected Versions ipsilon versions 1.0 through 1.0.2 ipsilon versions 1.1 through 1.1.1 ipsilon versions 1.2 through 1.2.0 ipsilon versions 2.0 through 2.0.1 Description A issue was found that allows an attacker to log out active sessions of other users. This i...
Safari browser cookie access vulnerability affects billions of Apple products-vulnerability warning-the black bar safety net
Present in the Safari browser in a cookie access Vulnerability, CVE-2 0 1 5-1 1 2 6 may affect billions of Apple products, if you are using Safari, be sure to as soon as possible to detect whether it is affected by the vulnerability, if affected Please as soon as possible repair. FreeBuf science:...
APPLE-SA-2014-10-16-1 OS X Yosemite v10.10
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-1 OS X Yosemite v10.10 OS X Yosemite v10.10 is now available and addresses the following: 802.1X Impact: An attacker can obtain WiFi credentials Description: An attacker could have impersonated a WiFi access point, offered to...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 tomcat6 security update
An update for the Apache Tomcat 6 component for Red Hat JBoss Web Server 2.0.1 that fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CV...
CVE-2012-4529
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id 1 via a man-in-the-middle attack ...
CVE-2012-4529
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id 1 via a man-in-the-middle attack ...
Design/Logic Flaw
Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access...
RHEL 5 : JBoss EAP (RHSA-2013:0839)
Updated JBoss Enterprise Application Platform 6.1.0 packages that fix three security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 6.1.0 update
Updated JBoss Enterprise Application Platform 6.1.0 packages that fix three security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...