Lucene search
K

247 matches found

Vulnerability Lab
Vulnerability Lab
added 2015/05/03 12:0 a.m.28 views

Grindr v2.1.1 iOS - (eMail) Session Vulnerability

Document Title: =============== Grindr v2.1.1 iOS - eMail Session Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1426 Release Date: ============= 2015-05-03 Vulnerability Laboratory ID VL-ID: ==================================== 1426 Commo...

7.4AI score
Exploits0
Prion
Prion
added 2014/09/12 1:55 a.m.20 views

Session fixation

IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for...

5CVSS6.7AI score0.01667EPSS
Exploits0References2Affected Software7
NVD
NVD
added 2014/08/30 9:55 a.m.19 views

CVE-2014-3352

Cisco Intelligent Automation for Cloud aka Cisco Cloud Portal 2008.3SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID...

4.3CVSS6.3AI score0.02824EPSS
Exploits0References6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.29 views

Multiple Vendor TCP Session Acknowledgement Number Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13215/info Multiple Vendor TCP/IP stack implementations are reported prone to a denial of service vulnerability. A report indicates that the vulnerability manifests when an erroneous TCP acknowledgement number is...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2013/12/21 11:0 a.m.21 views

CVE-2013-5413

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation...

6.8AI score0.01276EPSS
Exploits0References3
securityvulns
securityvulns
added 2013/07/17 12:0 a.m.51 views

Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities

Title: ====== Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities Date: ===== 2013-07-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=833 VL-ID: ===== 833 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

0.5AI score
Exploits0
myhack58
myhack58
added 2012/07/24 12:0 a.m.25 views

PHP global variables with the SESSION vulnerability, global and session-vulnerability warning-the black bar safety net

The first to see this a simple piece of code ? php sessionstart;$SESSION'isadmin'='yes';$isadmin='no';echo $SESSION'isadmin';?& gt; When php. ini in the configuration registerglobals = Off, Without any problems, Output yes but When php. ini in the configuration registerglobals = On time, First ru...

1.5AI score
Exploits0
myhack58
myhack58
added 2012/03/13 12:0 a.m.15 views

maccms chicken-upload vulnerability and a fix-vulnerability warning-the black bar safety net

A small program, inadvertently see by the way it looked under ./ admin/editor/upload.php requireonce "../adminconn.php"; $action=be"get","action"; $ftypes=array'jpg','gif','bmp','png',". jpeg"; $upfileDir= "../". $SESSION"upfolder" . the "/" . getSavePicPath . "/"; $maxSize=1 0 0 0; if!...

0.6AI score
Exploits0
OSV
OSV
added 2011/10/19 10:55 a.m.8 views

CVE-2011-4136

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...

6.2AI score
Exploits0References9
OpenVAS
OpenVAS
added 2010/12/28 12:0 a.m.24 views

Fedora Update for dbus FEDORA-2010-19166

Check for the Version of dbus OpenVAS Vulnerability Test Fedora Update for dbus FEDORA-2010-19166 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

2.1CVSS0.0058EPSS
Exploits1References2
Prion
Prion
added 2010/08/05 1:22 p.m.14 views

Session fixation

The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a 1 telnet, 2 rlogin, or 3 FTP session...

7.8CVSS7AI score0.01716EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2009/12/08 11:0 p.m.23 views

CVE-2009-4236

The process function in data/class/pages/admin/customer/LCPageAdminCustomerSearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information customer data via unknown vectors related to sessions...

6.1AI score0.01524EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2009/05/14 5:30 p.m.22 views

CVE-2009-1629

ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to 1 hijack a session or 2 cause a denial of service session ID exhaustion via a brute-force attack...

6.8CVSS5.9AI score0.02325EPSS
Exploits1References1
exploitpack
exploitpack
added 2008/07/30 12:0 a.m.12 views

HIOX Browser Statistics 2.0 - Arbitrary Add Admin

HIOX Browser Statistics 2.0 - Arbitrary Add Admin "; fclose$file; $creat = "false"; echo "New User Created Please Wait You will be Redirected to Login Page "; else echo "Enter correct Username or Password "; if$creat == "true" ? table align=center valign=center bgcolo...

7.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.3 views

Movable Type session management vulnerability

Overview Movable Type, a web log system from Six Apart KK, contains a vulnerability which could allow a remote attacker to gain illegal access. Impact A remote attacker could freely manipulate a web log by posting or deleting blog entries. Solution None...

5CVSS7.1AI score
Exploits0References2
exploitpack
exploitpack
added 2007/03/25 12:0 a.m.26 views

PHP 4.4.55.2.1 - _SESSION Deserialization Overwrite

PHP 4.4.55.2.1 - SESSION Deserialization Overwrite ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the...

0.3AI score
Exploits0
Cvelist
Cvelist
added 2007/02/15 2:0 a.m.20 views

CVE-2006-7014

admin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request...

6.9AI score0.01747EPSS
Exploits1References6
NVD
NVD
added 2006/06/14 11:2 p.m.14 views

CVE-2006-3016

Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting XSS, and HTTP response splitting...

9.3CVSS6.5AI score0.02264EPSS
Exploits1References24
CVE
CVE
added 2006/05/31 10:0 p.m.45 views

CVE-2006-2711

CVE-2006-2711 affects Secure Elements Class 5 AVR (C5 EVM) version 2.8.1 and earlier (and possibly later 2.8.x), where the same initialization vector (IV) and key are reused for each message session. This is the underlying root cause stated in the CVE description, enabling remote attackers over a...

5CVSS6.3AI score0.01929EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2004/10/20 4:0 a.m.15 views

CVE-2004-0755

The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions...

2.1CVSS7.1AI score0.00364EPSS
Exploits0References1
Rows per page
Query Builder