Lucene search
K

4041 matches found

CVE
CVE
added 2007/04/11 1:0 a.m.42 views

CVE-2007-1953

CVE-2007-1953 is a session fixation vulnerability described as allowing remote attackers to hijack web sessions by setting a PHPSESSID cookie in onelook courts online. The connected documents provide the description but do not include concrete technical details (affected version/component/root ca...

7.5CVSS6.6AI score0.01406EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2007/04/11 1:0 a.m.48 views

CVE-2007-1949

The CVE-2007-1949 entry describes a Session fixation vulnerability in WebBlizzard CMS where an attacker can hijack user sessions by setting a PHPSESSID cookie. The connected documents confirm the flaw affects WebBlizzard CMS and exposes session integrity risk, allowing remote exploitation via coo...

7.5CVSS6.6AI score0.01423EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2007/04/11 1:0 a.m.44 views

CVE-2007-1952

CVE-2007-1952 concerns the onelook onebyone CMS . The vulnerability is a session fixation flaw that allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. The description explicitly ties the issue to session fixation via PHPSESSID, enabling partial confidentiality and integ...

7.5CVSS6.6AI score0.01453EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2007/04/11 1:0 a.m.20 views

CVE-2007-1952

Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie...

6.6AI score0.01453EPSS
Exploits0References4
Cvelist
Cvelist
added 2007/04/11 1:0 a.m.22 views

CVE-2007-1951

Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie...

6.6AI score0.01406EPSS
Exploits0References3
Cvelist
Cvelist
added 2007/04/11 1:0 a.m.23 views

CVE-2007-1953

Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie...

6.6AI score0.01406EPSS
Exploits0References3
Cvelist
Cvelist
added 2007/04/11 1:0 a.m.23 views

CVE-2007-1949

Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie...

6.6AI score0.01423EPSS
Exploits0References4
CVE
CVE
added 2007/04/11 1:0 a.m.44 views

CVE-2007-1951

The CVE-2007-1951 entry concerns a session fixation vulnerability in the onelook obo Shop where an attacker can hijack sessions by setting a PHPSESSID cookie. Affected component: web application/session handling within onelook obo Shop. Root cause: improper handling of PHPSESSID cookies allowing ...

7.5CVSS6.6AI score0.01406EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2007/04/08 12:0 a.m.52 views

[MajorSecurity Advisory #41]onelook courts online - Session fixation Issue

MajorSecurity Advisory 41onelook courts online - Session fixation Issue Details ======= Product: courts online Remote-Exploit: yes Vendor-URL: http://www.onebyone.ch/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz http://www.majorsecurity....

0.7AI score
Exploits0
securityvulns
securityvulns
added 2007/04/08 12:0 a.m.38 views

[MajorSecurity Advisory #39]onelook onebyone CMS - Session fixation Issue

MajorSecurity Advisory 39onelook onebyone CMS - Session fixation Issue Details ======= Product: onebyone CMS Remote-Exploit: yes Vendor-URL: http://www.onebyone.ch/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz http://www.majorsecurity.de...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2007/04/08 12:0 a.m.54 views

[MajorSecurity Advisory #40]onelook oboShop - Session fixation Issue

MajorSecurity Advisory 40onelook oboShop - Session fixation Issue Details ======= Product: oboShop Remote-Exploit: yes Vendor-URL: http://www.onebyone.ch/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz http://www.majorsecurity.de Original...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2007/04/08 12:0 a.m.50 views

[MajorSecurity Advisory #42]webblizzard CMS - Cross Site Scripting and Session fixation Issues

MajorSecurity Advisory 42webblizzard CMS - Cross Site Scripting and Session fixation Issues Details ======= Product: webblizzard CMS Remote-Exploit: yes Vendor-URL: http://www.webblizzard.de/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/04/05 12:0 a.m.52 views

[MajorSecurity Advisory #38]eXV2 CMS - Session fixation and Cross-Site-Scripting Issues

""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ Security Vulnerability Resear...

1AI score
Exploits0
securityvulns
securityvulns
added 2007/03/28 12:0 a.m.52 views

Update: ViewCVS and ViewVC 'checkout view' content type fixation issue

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi! Moritz Naumann wrote: This does not impact how much the rest of my report applies. My findings are now being discussed on the ViewVC developers mailing list 1. They apparently also impact ViewVC. Whether and to which degree what I am reporting c...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/02/27 12:0 a.m.72 views

Mozilla Foundation Security Advisory 2007-07

Mozilla Foundation Security Advisory 2007-07 Title: Embedded nulls in location.hostname confuse same-domain checks Impact: High Announced: February 23, 2007 Reporter: Michal Zalewski Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.2 Firefox 1.5.0.10 SeaMonkey 1.0.8 Description Michal Zalewsk...

7.5CVSS0.8AI score0.12144EPSS
Exploits7
Prion
Prion
added 2007/02/01 1:28 a.m.17 views

Session fixation

Cisco IOS after 12.314T, 12.38YC1, 12.38YG, and 12.4, with voice support and without Session Initiated Protocol SIP configured, allows remote attackers to cause a denial of service crash by sending a crafted packet to port 5060/UDP...

7.8CVSS6.8AI score0.03517EPSS
Exploits0References9Affected Software1
Tenable Nessus
Tenable Nessus
added 2006/10/14 12:0 a.m.20 views

Debian DSA-1007-1 : drupal - several vulnerabilities

The Drupal Security Team discovered several vulnerabilities in Drupal, a fully-featured content management and discussion engine. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-1225 Due to missing input sanitising a remote attacker could inject...

5.1CVSS5.7AI score0.01965EPSS
Exploits0References9
NVD
NVD
added 2006/08/08 11:4 p.m.16 views

CVE-2006-3583

Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section...

7.5CVSS6.5AI score0.01722EPSS
Exploits0References6
CVE
CVE
added 2006/08/08 11:0 p.m.49 views

CVE-2006-3583

CVE-2006-3583 describes a session- fixation vulnerability in Jetbox CMS 2.1 SR1 . The root cause involves login/session handling flaws and unsanitised input in server-side scripts (notably in index.php and admin/cms/index.php), enabling an attacker to hijack a user’s session via a crafted link an...

7.5CVSS6.6AI score0.01722EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2006/08/08 11:0 p.m.29 views

CVE-2006-3583

Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section...

6.5AI score0.01722EPSS
Exploits0References6
Rows per page
Query Builder