10 matches found
CVE-2026-4427
Removed by vendor...
PT-2024-37936 · Yugabyte · Yugabyte Platform
Name of the Vulnerable Software and Affected Versions: Yugabyte Platform (affected versions not specified). Description: The issue concerns insufficient authentication in user account management, allowing local network attackers with a compromised user session to modify critical security settings...
CVE-2023-41041 User session is still usable after logout in graylog2-server
Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Each node maintains an in-memory cache of user sessions. Upon a cache-miss,...
Schneider Electric Modicon PLCs Use of Insufficiently Random Values (CVE-2017-6026)
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization an...
Failure to invalidate session after password change
Description: The application does not invalidate the session after the password is changed, which can enable an attacker to continue using the compromised session. Proof of Concept: 1. Log in to the same accounts in two different browsers https://demo.bigbluebutton.org/gl 2. Change password in the 1st browser a...
CVE-2022-0862 ePO password change vulnerability
A lack of password change protection vulnerability in a deprecated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. This functionality was removed from...
Design/Logic Flaw
Insecure creation of temporary directories in tmate-ssh-server 2.3.0 allows a local attacker to compromise the integrity of session handling...
Session fixation
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization an...
RealEstate CMS 3.00.50 - Cross Site Web Vulnerability
RealEstate CMS is a web portal script designed for realty agents, realtors or brokers to sell, buy, trade, rent and let their clients' property online. It is a web-based Content Management System integrated web application platform developed in php, mysql used by real estate...
ESA-2012-026: RSA Access Manager Session Replay Vulnerability
EMC Identifier: ESA-2012-026. CVE Identifier: CVE-2012-2281. Severity Rating: CVSSv2 Base Score: 6.8 (AV:A/AC:H/Au:N/C:C/I:C/A:C). Affected Products: RSA Access Manager Server version 6.0.x RSA...