215 matches found
geccBBlite Multiple Cross-Site Scripting Vulnerabilities
The host is running geccBBlite and is prone to multiple Cross-Site Scripting vulnerabilities. OpenVAS Vulnerability Test $Id: secpodgeccbblitemultxssvuln.nasl 5394 2017-02-22 09:22:42Z teissa $ geccBBlite Multiple Cross-Site Scripting Vulnerabilities Authors: Rachana Shetty Copyright: Copyright c...
CVE-2010-0554
The CVE-2010-0554 entry concerns Geo++ GNCASTER, affected in versions 1.4.0.7 and earlier. The HTTP Authentication implementation uses the same nonce for all authentication attempts, enabling replay attacks that can hijack web sessions or bypass authentication. This is the root cause: nonce reuse...
CVE-2009-2672
The proxy mechanism implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted 1 applets and 2 Java Web Start applications, which allows remote attackers to hijack web sessions...
CVE-2009-2672
The proxy mechanism implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted 1 applets and 2 Java Web Start applications, which allows remote attackers to hijack web sessions...
CVE-2009-1580
CVE-2009-1580 refers to a session fixation vulnerability in SquirrelMail prior to version 1.4.18 . The issue allows remote attackers to hijack web sessions by supplying a crafted cookie, enabling session takeover with the privileges of the affected user. The provided documents explicitly identify...
SquirrelMail: Session fixation vulnerability
Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie...
PT-2009-1325 · Advantech · Adam-6000
Name of the Vulnerable Software and Affected Versions: Advantech ADAM-6000 module affected versions not specified Description: The issue allows remote attackers to easily obtain access to the module through an HTTP session, due to a default password of 00000000. This access enables attackers to 1...
CVE-2006-6276
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting XSS, and poison web...
Corsaire Security Advisory - VMware ESX Server Cross Site Scripting issue
-- Corsaire Security Advisory -- Title: VMware ESX Server Cross Site Scripting issue Date: 14.11.05 Application: VMware ESX prior to 2.5.2 upgrade patch 2 VMware ESX prior to 2.1.2 upgrade patch 6 VMware ESX prior to 2.0.1 upgrade patch 6 Environment: VMware ESX Author: Stephen de Vries...
CVE-2004-1527
Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers ...
CVE-2004-1527
Microsoft Internet Explorer 6.0 SP1 is affected by a vulnerability in handling certain character strings in the Path attribute, which can allow a remote attacker to hijack sessions by causing cookies to be modified in other domains when the attacker’s domain name is contained in the target’s doma...
PHP-Nuke 6.0 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/6409/info It has been discovered that multiple PHP scripts used by PHP-Nuke are vulnerable to cross-sitescripting attacks. Due to insufficient sanitization of web requests it is possible for script code to be embedded in PHP script requests. By constructi...
CVE-2000-0970
CVE-2000-0970 affects IIS 4.0 and 5.0 where ASP pages send the same Session ID cookie for secure and insecure sessions, enabling potential remote hijacking of a user’s secure session if they transition to insecure web traffic. The root cause is cookie marking across session contexts, leading to p...
CVE-2000-0970
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability...
Security Bulletin (MS00-080)
Microsoft Security Bulletin MS00-080 - -------------------------------------- Patch Available for "Session ID Cookie Marking" Vulnerability Originally posted: October 23, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Internet Informatio...