Lucene search
K

215 matches found

OpenVAS
OpenVAS
added 2010/02/26 12:0 a.m.25 views

geccBBlite Multiple Cross-Site Scripting Vulnerabilities

The host is running geccBBlite and is prone to multiple Cross-Site Scripting vulnerabilities. OpenVAS Vulnerability Test $Id: secpodgeccbblitemultxssvuln.nasl 5394 2017-02-22 09:22:42Z teissa $ geccBBlite Multiple Cross-Site Scripting Vulnerabilities Authors: Rachana Shetty Copyright: Copyright c...

4.3CVSS0.01116EPSS
Exploits1References2
CVE
CVE
added 2010/02/04 7:0 p.m.46 views

CVE-2010-0554

The CVE-2010-0554 entry concerns Geo++ GNCASTER, affected in versions 1.4.0.7 and earlier. The HTTP Authentication implementation uses the same nonce for all authentication attempts, enabling replay attacks that can hijack web sessions or bypass authentication. This is the root cause: nonce reuse...

7.5CVSS7.2AI score0.01537EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2009/08/05 7:0 p.m.26 views

CVE-2009-2672

The proxy mechanism implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted 1 applets and 2 Java Web Start applications, which allows remote attackers to hijack web sessions...

6.1AI score0.04564EPSS
Exploits0References31
UbuntuCve
UbuntuCve
added 2009/08/05 12:0 a.m.42 views

CVE-2009-2672

The proxy mechanism implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted 1 applets and 2 Java Web Start applications, which allows remote attackers to hijack web sessions...

7.5CVSS6.3AI score0.04564EPSS
Exploits0References3
CVE
CVE
added 2009/05/14 5:0 p.m.76 views

CVE-2009-1580

CVE-2009-1580 refers to a session fixation vulnerability in SquirrelMail prior to version 1.4.18 . The issue allows remote attackers to hijack web sessions by supplying a crafted cookie, enabling session takeover with the privileges of the affected user. The provided documents explicitly identify...

5.8CVSS7.1AI score0.01855EPSS
Exploits0References20Affected Software1
RedHat Linux
RedHat Linux
added 2009/01/19 9:16 p.m.5 views

SquirrelMail: Session fixation vulnerability

Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie...

5.8CVSS7.2AI score0.01855EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2009/01/06 12:0 a.m.8 views

PT-2009-1325 · Advantech · Adam-6000

Name of the Vulnerable Software and Affected Versions: Advantech ADAM-6000 module affected versions not specified Description: The issue allows remote attackers to easily obtain access to the module through an HTTP session, due to a default password of 00000000. This access enables attackers to 1...

10CVSS6.5AI score0.03325EPSS
Exploits0References4
NVD
NVD
added 2006/12/04 11:28 a.m.26 views

CVE-2006-6276

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting XSS, and poison web...

6.8CVSS6.2AI score0.0361EPSS
Exploits0References8
securityvulns
securityvulns
added 2006/06/02 12:0 a.m.54 views

Corsaire Security Advisory - VMware ESX Server Cross Site Scripting issue

-- Corsaire Security Advisory -- Title: VMware ESX Server Cross Site Scripting issue Date: 14.11.05 Application: VMware ESX prior to 2.5.2 upgrade patch 2 VMware ESX prior to 2.1.2 upgrade patch 6 VMware ESX prior to 2.0.1 upgrade patch 6 Environment: VMware ESX Author: Stephen de Vries...

6.8CVSS0.4AI score0.01423EPSS
Exploits1
Cvelist
Cvelist
added 2005/02/19 5:0 a.m.16 views

CVE-2004-1527

Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers ...

6.5AI score0.01351EPSS
Exploits0References5
CVE
CVE
added 2005/02/19 5:0 a.m.55 views

CVE-2004-1527

Microsoft Internet Explorer 6.0 SP1 is affected by a vulnerability in handling certain character strings in the Path attribute, which can allow a remote attacker to hijack sessions by causing cookies to be modified in other domains when the attacker’s domain name is contained in the target’s doma...

5CVSS6.9AI score0.01351EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2002/12/16 12:0 a.m.18 views

PHP-Nuke 6.0 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/6409/info It has been discovered that multiple PHP scripts used by PHP-Nuke are vulnerable to cross-sitescripting attacks. Due to insufficient sanitization of web requests it is possible for script code to be embedded in PHP script requests. By constructi...

7.4AI score
Exploits0
CVE
CVE
added 2001/01/22 5:0 a.m.78 views

CVE-2000-0970

CVE-2000-0970 affects IIS 4.0 and 5.0 where ASP pages send the same Session ID cookie for secure and insecure sessions, enabling potential remote hijacking of a user’s secure session if they transition to insecure web traffic. The root cause is cookie marking across session contexts, leading to p...

7.5CVSS7.1AI score0.43548EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2000/12/19 5:0 a.m.19 views

CVE-2000-0970

IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability...

7.5CVSS6.7AI score0.43548EPSS
Exploits0References4
securityvulns
securityvulns
added 2000/10/24 12:0 a.m.47 views

Security Bulletin (MS00-080)

Microsoft Security Bulletin MS00-080 - -------------------------------------- Patch Available for "Session ID Cookie Marking" Vulnerability Originally posted: October 23, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Internet Informatio...

6.8AI score
Exploits0
Rows per page
Query Builder