
309 matches found

CVE
added 2021/10/22 7:20 p.m., 50 views

CVE-2020-23036

CVE-2020-23036 affects MEDIA NAVI Inc SMACom v1.2 in the wifi photo transfer module. Root cause: insecure session validation in the password authentication parameter allows MITM attackers on network/public Wi‑Fi to read credentials and follow-up requests containing the user password. Impact: cred...

CVSS 5.9, AI score 5.8, EPSS 0.01089
Exploits: 1, References: 2, Affected Software: 1
Hacker One
added 2021/08/08 5:40 p.m., 70 views

UPchieve: Failed to validate Session after Password Change

While conducting my research I discovered that the application failed to validate session after password change. In this scenario changing the password doesn't destroy the other sessions which are logged in with old passwords in another browser. Steps To Reproduce: 1 Login with the same account ...

AI score 6.6
Exploits: 0
OSV
added 2021/02/15 3:15 p.m., 2 views

CVE-2020-4954

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation. By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could...

CVSS 5.4, AI score 6.1, EPSS 0.00533
Exploits: 0, References: 2
NVD
added 2021/02/15 3:15 p.m., 13 views

CVE-2020-4954

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation. By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could...

CVSS 5.4, EPSS 0.00533
Exploits: 0, References: 2
Prion
added 2021/02/15 3:15 p.m., 12 views

Authentication flaw

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation. By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could...

CVSS 4.8, AI score 5.6, EPSS 0.00533
Exploits: 0, References: 2, Affected Software: 1
ATTACKERKB
added 2021/02/12 12:0 a.m., 3 views

CVE-2020-4954

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation. By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could...

CVSS 5.4, AI score 5.7, EPSS 0.00533
Exploits: 0, References: 3, Affected Software: 1
Tenable Nessus
added 2021/02/02 12:0 a.m., 33 views

Cisco Data Center Network Manager Server-Side Request Forgery (cisco-sa-dcnm-ssrf-F2vX6q5p)

A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of...

CVSS 8.8, AI score 8, EPSS 0.01284
Exploits: 0, References: 3
OSV
added 2021/01/20 8:15 p.m., 1 views

CVE-2021-1272

A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of...

CVSS 8.8, AI score 7.3, EPSS 0.01284
Exploits: 0, References: 1
Prion
added 2021/01/20 8:15 p.m., 11 views

Server side request forgery (ssrf)

A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of...

CVSS 6.8, AI score 8.6, EPSS 0.01284
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2021/01/20 7:56 p.m., 63 views

CVE-2021-1272

CVE-2021-1272 describes an SSRF in Cisco Data Center Network Manager (DCNM) where insufficient validation of parameters in a specific HTTP request allows an unauthenticated, remote attacker to bypass access controls and gain unauthorized access to the Device Manager application. The issue affects ...

CVSS 8.8, AI score 8.8, EPSS 0.01284
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2021/01/20 7:56 p.m., 12 views

CVE-2021-1272 Cisco Data Center Network Manager Server-Side Request Forgery Vulnerability

A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of...

CVSS 8.8, AI score 9, EPSS 0.01284
Exploits: 0, References: 1
OSV
added 2020/12/21 5:15 p.m., 24 views

CVE-2020-17526

Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have...

CVSS 7.7, AI score 7.4
Exploits: 0, References: 3
NVD
added 2020/12/21 5:15 p.m., 20 views

CVE-2020-17526

Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have...

CVSS 7.7, AI score 7.4, EPSS 0.23336
Exploits: 0, References: 3
PyPA
added 2020/12/21 5:15 p.m., 4 views

PYSEC-2020-22

Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have...

CVSS 7.7, AI score 6.6, EPSS 0.23336
Exploits: 0, References: 3, Affected Software: 1
Prion
added 2020/12/21 5:15 p.m., 18 views

Design/Logic Flaw

Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have...

CVSS 3.5, AI score 7.3, EPSS 0.23336
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2020/12/21 5:15 p.m., 0 views

PYSEC-2020-22

Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have...

CVSS 7.7, AI score 7, EPSS 0.23336
Exploits: 0, References: 3
Cvelist
added 2020/12/21 4:45 p.m., 24 views

CVE-2020-17526

Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have...

AI score 7.4, EPSS 0.23336
Exploits: 0, References: 3
CVE
added 2020/12/21 4:45 p.m., 123 views

CVE-2020-17526

Apache Airflow Webserver prior to version 1.10.14 with the default [webserver] secret_key allows an authenticated user on one site to access an unauthorized Webserver session on another site via session validation bypass. Affected component is the Webserver authentication mechanism; root cause is...

CVSS 7.7, AI score 7.4, EPSS 0.23336
Exploits: 0, References: 3, Affected Software: 1
Exploit DB
added 2020/12/09 12:0 a.m., 650 views

VestaCP 0.9.8-26 - 'backup' Information Disclosure

Exploit Title: VestaCP 0.9.8-26 - 'backup' Information Disclosure Date: 2020-11-25 Exploit Author: Vulnerability-Lab Vendor Homepage: https://vestacp.com/ Software Link: https://vestacp.com/install/ Version: 0.9.8-26 Document Title: =============== VestaCP v0.9.8-26 - Insufficient Session...

AI score 7.4
Exploits: 0
Exploit DB
added 2020/12/09 12:0 a.m., 566 views

VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation

Exploit Title: VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation Date: 2020-11-26 Exploit Author: Vulnerability-Lab Vendor Homepage: https://vestacp.com/ Software Link: https://vestacp.com/install/ Version: 0.9.8-26 Document Title: =============== VestaCP v0.9.8-26 - LoginAs Token...

AI score 7.4
Exploits: 0