Lucene search

45 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-6643

Malware in sbrugna...

CVSS 6.1 | AI score 7.6 | EPSS 0.00459
Exploits 0 | References 15

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-10365

Malware in sbrugna...

CVSS 5.5 | AI score 5.5 | EPSS 0.00057
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2019-13937

Malware in sbrugna...

CVSS 4.3 | AI score 4.2 | EPSS 0.00284
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2011-3188

Malware in sbrugna...

CVSS 2.6 | AI score 6.2 | EPSS 0.00534
Exploits 0 | References 6

RedhatCVE
added 2025/03/22 1:07 p.m. | 3 views

CVE-2024-10718

In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fixed in version 1.7.0...

CVSS 7.5 | AI score 6.5 | EPSS 0.00075
Exploits 1 | References 1

AlpineLinux
added 2023/11/14 11:31 p.m. | 15 views

CVE-2023-46121

yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie...

CVSS 5 | AI score 5 | EPSS 0.00095
Exploits 0

CVE
added 2023/11/02 4:11 p.m. | 45 views

CVE-2023-5035

CVE-2023-5035 affects the Moxa PT-G503 Series firmware prior to v5.2. The root cause is that the Secure attribute for sensitive cookies in HTTPS sessions is not set, which can allow cookies to be transmitted in plaintext over an HTTP session. Potential impact includes exposure/manipulation of use...

CVSS 5.3 | AI score 4.5 | EPSS 0.00134
Exploits 0 | References 1 | Affected Software 1

SUSE CVE
added 2023/02/15 5:00 a.m. | 1 views

SUSE CVE-2016-5701

setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI...

CVSS 6.1 | AI score 7.3 | EPSS 0.00459
Exploits 0 | References 3

Github Security Blog
added 2022/05/13 1:05 a.m. | 41 views

Improper Authorization in Jenkins Core

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have...

CVSS 7.2 | AI score 3.8 | EPSS 0.02398
Exploits 0 | References 5 | Affected Software 1

GithubExploit
added 2020/12/25 1:53 a.m. | 140 views

Exploit for Incorrect Permission Assignment for Critical Resource in Wftpserver Wing_Ftp_Server

What's this Wing FTP Server 6.2.5 - Privilege Escalation...

CVSS 7.8 | AI score 7.6 | EPSS 0.0191
Exploits 7

RedHat Linux
added 2020/11/09 12:04 p.m. | 2 views

wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory OOM issue, leading to a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 5.7 | EPSS 0.00465
Exploits 0 | References 4

RedHat Linux
added 2020/10/14 3:42 p.m. | 2 views

wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory OOM issue, leading to a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 5.7 | EPSS 0.00465
Exploits 0 | References 4

IBM Security Bulletins
added 2020/02/05 12:53 a.m. | 21 views

Security Bulletin: Sensitive data protection vulnerability affects IBM Sterling B2B Integrator (CVE-2017-1349)

Summary IBM Sterling B2B Integrator Standard Edition stores potentially sensitive information from HTTP sessions that could be read by a local user. Vulnerability Details CVEID: CVE-2017-1349 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition stores potentially sensitive information from...

CVSS 5.5 | AI score 1.5 | EPSS 0.00057
Exploits 0 | Affected Software 1

NVD
added 2019/01/22 2:29 p.m. | 17 views

CVE-2019-1003004

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have...

CVSS 7.2 | AI score 7.5 | EPSS 0.02398
Exploits 0 | References 3

Prion
added 2019/01/22 2:29 p.m. | 19 views

Authorization

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have...

CVSS 6.5 | AI score 7.3 | EPSS 0.02398
Exploits 0 | References 3 | Affected Software 2

Cvelist
added 2019/01/22 2:00 p.m. | 21 views

CVE-2019-1003004

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have...

AI score 7.3 | EPSS 0.02398
Exploits 0 | References 3

CVE
added 2019/01/22 2:00 p.m. | 147 views

CVE-2019-1003004

CVE-2019-1003004 affects Jenkins core (including 2.158 and earlier, LTS 2.150.1 and earlier) due to an improper authorization issue in AuthenticationProcessingFilter2.java that can extend an active HTTP session indefinitely, potentially for a user whose account was deleted. The connected records ...

CVSS 7.2 | AI score 7.1 | EPSS 0.02398
Exploits 0 | References 3 | Affected Software 1

Veracode
added 2018/06/26 5:12 p.m. | 22 views

Session Hijacking

jetty-server is vulnerable to session hijacking. A malicious user can pass a Session ID to the application to hijack and manipulate other Http sessions on the system. Examples of such a session ID include a session ID with a single byte value, a blank session ID and a partial Session ID...

CVSS 8.8 | AI score 8.2 | EPSS 0.00515
Exploits 0 | References 9 | Affected Software 1

Prion
added 2017/06/23 4:29 p.m. | 17 views

Information disclosure

IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525...

CVSS 2.1 | AI score 4.9 | EPSS 0.00057
Exploits 0 | References 3 | Affected Software 1

NVD
added 2017/06/23 4:29 p.m. | 11 views

CVE-2017-1349

IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525...

CVSS 5.5 | AI score 5 | EPSS 0.00057
Exploits 0 | References 3