214 matches found
CVE-2025-36119
IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i DCM due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions i...
CVE-2025-36119
The CVE-2025-36119 issue affects IBM i 7.3–7.6 (DCM for i) and is caused by a web session hijacking vulnerability that lets an authenticated user without admin privileges perform actions as an administrator. IBM has published remediation via PTFs, with fixes included in IBM i Release 7.3–7.6 unde...
IBM i 安全漏洞
IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i versions 7.3, 7.4, 7.5, and 7.6 that stems from Web session hijacking in IBM Digital Certificate Manager for i DCM resulting in...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the SessionClicks class. An attacker can exhaust system memory by sending crafted HTTP requests that cause excessive request parameters to be stored in the HTTP session. Details...
CVE-2025-3526
SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to...
CVE-2022-33137
A vulnerability has been identified in SIMATIC MV540 H All versions V3.3, SIMATIC MV540 S All versions V3.3, SIMATIC MV550 H All versions V3.3, SIMATIC MV550 S All versions V3.3, SIMATIC MV560 U All versions V3.3, SIMATIC MV560 X All versions V3.3. The web session management of affected devices...
CVE-2022-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...
CVE-2022-25626
An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session...
CVE-2012-0301
Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors...
CVE-2010-2149
Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors...
CVE-2013-7387
Session fixation vulnerability in DataLife Engine DLE 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie...
CVE-2013-0937
Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors...
CVE-2002-2125
Internet Explorer 6.0 does not warn users when an expired certificate authority CA certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle MITM attack...
CVE-2025-0138
Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access. Compute in Prisma Cloud Enterprise Edition is not affected by this issue...
Palo Alto Networks Prisma Cloud Compute Edition 代码问题漏洞
Palo Alto Networks Prisma Cloud Compute Edition is a cloud-native security platform from U.S.-based Palo Alto Networks that provides full lifecycle protection for containers, hosts, and serverless workloads. A security vulnerability exists in Palo Alto Networks Prisma Cloud Compute Edition that...
Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services
A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. "The CloudScout toolset is capable of retrieving data from various cloud...
CVE-2024-44575
RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...
The vulnerabilities of the FortiOS graphical interface, the FortiProxy proxy server for protecting against internet attacks, and the FortiSwitchManager local management platform allow a perpetrator to gain unauthorized access to the device.
The vulnerability of the FortiOS graphical interface, the FortiProxy proxy server for protecting against internet attacks, and the FortiSwitchManager local management platform are related to incorrect session duration settings. Exploiting this vulnerability can allow a remote attacker to gain...
CVE-2024-41687
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text. A remote attacker could exploit this vulnerability by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow...
DirectCyber Evolution Controller 安全漏洞
DirectCyber Evolution Controller is an access control controller software from DirectCyber, Inc. that is used for physical access to the facility by the controller. A security vulnerability exists in DirectCyber Evolution Controller version 2.04.560.31.03.2024 and prior versions, which stems from...