Lucene search

239 matches found

Prion
added 2013/08/28 1:9 p.m. | 13 views

Authentication flaw

Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie...

7.6 CVSS | 7.7 AI score | 0.0779 EPSS
Exploits: 0 | References: 1

CVE
added 2013/08/28 1:0 a.m. | 44 views

CVE-2013-3586

CVE-2013-3586 affects Samsung Web Viewer for Samsung DVR devices. The vulnerability is an authentication bypass in cookie handling where any SessionID after SessionID= is accepted, enabling remote unauthenticated access to internal pages (including cameras and admin areas) and potentially exposin...

7.6 CVSS | 7.3 AI score | 0.0779 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2013/08/28 1:0 a.m. | 29 views

CVE-2013-3586

Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie...

7.1 AI score | 0.0779 EPSS
Exploits: 0 | References: 1

Packet Storm
added 2013/08/15 12:0 a.m. | 25 views

OpenX 2.8.10 Cross Site Scripting / SQL Injection

Exploit Title: OpenX 2.8.10 - Multiples Vulnerabilites Product: OpenX Vulnerable Versions: 2.8.10 and probably prior Tested Version: 2.8.10 Official site: http://www.openx.com Risk Level: High Exploit Author: Esac Last Checked: 12/08/2013 +----------+ | OVERVIEW | +----------+ OpenX Source is...

0.5 AI score
Exploits: 0

Atlassian
added 2012/07/27 7:41 a.m. | 19 views

The csrf token cookie should be a 'secure' cookie like the sessionid cookie

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-46613. That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1....

1.7 AI score
Exploits: 0

OSV
added 2012/06/05 10:55 p.m. | 4 views

CVE-2012-2144

Session fixation vulnerability in OpenStack Dashboard Horizon folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie...

6.4 AI score
Exploits: 0 | References: 11

Debian CVE
added 2012/06/05 10:0 p.m. | 22 views

CVE-2012-2144

Session fixation vulnerability in OpenStack Dashboard Horizon folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie...

6.8 CVSS | 6.4 AI score | 0.02937 EPSS
Exploits: 1

CVE
added 2012/06/05 10:0 p.m. | 63 views

CVE-2012-2144

CVE-2012-2144: Session fixation in OpenStack Horizon (folsom-1 and 2012.1) allows remote attackers to hijack web sessions via the sessionid cookie. Vulnerable component: Horizon UI. Impact: session hijacking via cookie manipulation. Root cause: session fixation through sessionid handling as desc...

6.8 CVSS | 6.5 AI score | 0.02937 EPSS
Exploits: 1 | References: 10 | Affected Software: 1

securityvulns
added 2011/05/21 12:0 a.m. | 69 views

CVE-2010-0217 - Zeacom Chat Server JSESSIONID weak SessionID Vulnerability

Packetninjas L.L.C www.packetninjas.net -= Security Advisory =- Advisory: Zeacom Chat Server JSESSIONID weak SessionID Vulnerability Release Date: unknown Last Modified: 09/27/2010 Author: Daniel Clemens daniel.clemensatpacketninjas.net Application:...

5.8 CVSS | 0.2 AI score | 0.00694 EPSS
Exploits: 1

NVD
added 2010/06/15 2:30 p.m. | 14 views

CVE-2010-2270

Accoria Web Server aka Rock Web Server 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie...

7.5 CVSS | 6.6 AI score | 0.00478 EPSS
Exploits: 1 | References: 2

Cvelist
added 2010/06/14 7:0 p.m. | 21 views

CVE-2010-2270

Accoria Web Server aka Rock Web Server 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie...

6.6 AI score | 0.00478 EPSS
Exploits: 1 | References: 2

NVD
added 2009/04/14 4:26 p.m. | 14 views

CVE-2008-6722

Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to...

1.9 CVSS | 6.4 AI score | 0.00067 EPSS
Exploits: 0 | References: 5

myhack58
added 2008/11/06 12:0 a.m. | 19 views

XPSHOP Shopping Mall system vulnerabilities-vulnerability warning-the black bar safety net

XPSHOP Shopping Mall system vulnerabilities Accidentally found this loophole..official now also don't know...I'm not elsewhere in the published Oh.. This vulnerability is bad...to the straight pull change people the administrator password!! A little bit wicked!!!... But for the sake of our networ...

7.2 AI score
Exploits: 0

NVD
added 2008/08/15 8:41 p.m. | 20 views

CVE-2008-3700

Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to...

4.3 CVSS | 5.8 AI score | 0.03256 EPSS
Exploits: 0 | References: 9

Prion
added 2008/08/15 8:41 p.m. | 21 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to...

4.3 CVSS | 5.9 AI score | 0.03256 EPSS
Exploits: 0 | References: 9 | Affected Software: 1

Cvelist
added 2008/08/15 8:6 p.m. | 25 views

CVE-2008-3700

Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to...

5.8 AI score | 0.03256 EPSS
Exploits: 0 | References: 9

exploitpack
added 2007/11/21 12:0 a.m. | 20 views

Alstrasoft e-Friends 4.98 - seid Multiple SQL Injections

Alstrasoft e-Friends 4.98 - seid Multiple SQL Injections ECHOADV85$2007 alstrasoft E-Friends = 4.98 seid...

8.1 AI score
Exploits: 0

seebug.org
added 2007/11/14 12:0 a.m. | 19 views

Myspace Clone Script Remote SQL Injection Vulnerability

No description provided by source. Myspace Clone Script SQL Injection Vulnerabilitys AUTHOR: t0pP8uZz &...

7.1 AI score
Exploits: 0

exploitpack
added 2007/11/13 12:0 a.m. | 20 views

Myspace Clone Script - SQL Injection

Myspace Clone Script - SQL Injection Myspace Clone Script SQL Injection Vulnerabilitys AUTHOR: t0pP8uZz...

0.3 AI score
Exploits: 0

exploitpack
added 2007/06/04 12:0 a.m. | 8 views

EQdkp 1.3.2 - listmembers.php SQL Injection

EQdkp 1.3.2 - listmembers.php SQL Injection !/usr/bin/perl -w EQdkp = 1.3.2 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code listmembers.php: $sql = 'SELECT m., m.memberearned-m.memberspent+m.memberadjustment AS...

0.3 AI score
Exploits: 0