13 matches found
EUVD-2019-7045
Malware in sbrugna...
EUVD-2018-2314
Malware in sbrugna...
EUVD-2001-0905
Malware in sbrugna...
CVE-2013-4629
The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method...
CVE-2023-40732
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks...
Authorization
Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product...
CVE-2021-20115
A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.3. The paths provided in the f, d, and dir parameters in tcefilemanager.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link...
Weak Authentication
An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...
CVE-2015-2804
CVE-2015-2804 affects Alcatel-Lucent OmniSwitch models (6450, 6250, 6850E, 9000E, 6400, 6855) with AOS firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02. The vulnerability is weak session identifier generation in the management web interface, enabling remote session hijacking via brut...
SUSE-SU-2015:1300-1 Security update for novnc
novnc was updated to fix a session hijacking problem through insecurely set session token cookies (bnc#922233, CVE-2013-7436). Security Issues: CVE-2013-7436...
CVE-2014-0651
The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce authorization requirements, which allows remote authenticated users to obtain administrative access by hijacking a session, aka Bug ID CSCuj45347...
Design/Logic Flaw
The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce authorization requirements, which allows remote authenticated users to obtain administrative access by hijacking a session, aka Bug ID CSCuj45347...
CVE-2008-5670
Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session...