Lucene search
K

173 matches found

NVD
NVD
added 2017/05/08 8:29 p.m.23 views

CVE-2017-0892

Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file...

4.3CVSS3.9AI score0.00985EPSS
Exploits0References2
Nextcloud
Nextcloud
added 2017/05/08 12:0 a.m.31 views

Limitation of app specific password scope can be bypassed (NC-SA-2017-009)

Improper session handling allowed an application specific password without permission to the files access to the users file...

4.3CVSS2.5AI score0.00985EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2017/05/08 12:0 a.m.6 views

PT-2017-10693 · Nextcloud · Nextcloud Server

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 11.0.3 Description: The issue is related to improper session handling, which allows an application-specific password to access user files without permission. This affects the security of file access for user...

4.3CVSS3.9AI score0.00985EPSS
Exploits0References6
Hacker One
Hacker One
added 2016/12/17 4:38 p.m.90 views

Nextcloud: Limitation of app specific password scope can be bypassed (NC-SA-2017-009)

Limitation of app specific password scope can be bypassed NC-SA-2017-009 Risk level: Low CVSS v3 Base Score: 3 AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N CWE: Improper Authorization CWE-285 Description Improper session handling allowed an application specific password without permission to the files...

4.3CVSS0.7AI score0.00985EPSS
Exploits0
OpenVAS
OpenVAS
added 2016/08/31 12:0 a.m.12 views

Jenkins 1.626 Multiple Vulnerabilities (Feb 2017)

Jenkins is prone to multiple vulnerabilities. This VT has been deprecated and replaced by the VTs SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

7.2AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2016/08/23 12:0 a.m.8 views

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability of the Conscrypt component in the Android operating system is related to the incorrect definition of session reutilization. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.1AI score0.02136EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2016/05/16 6:33 p.m.34 views

New Relic: Improper Session Management

When a User successfully login to account there are new 3 links which he/she can visit but when a user Logout from one link ex:- HTTP://insights.newrelic.com/accounts/11 user successfully logout message will appear & logout. Here user will logout from 2 links ex :-...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2016/01/11 12:0 a.m.41 views

Netgear 1.0.0.24 Bypass / Improper Session Management

Hi, Can you assign CVE id to this flaw? Details ================ Product Vendor: Netgear Netgear GPL: http://kb.netgear.com/app/answers/detail/aid/2649//netgear-open-source-code-for-programmers-gpl http://www.gnu.org/licenses/gpl.txt Bug Name: Broken Authentication & Improper Session Management i...

0.3AI score
Exploits0
Typo3
Typo3
added 2014/05/22 12:0 a.m.187 views

Multiple Vulnerabilities in TYPO3 CMS

It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Component Type: TYPO3 CMS Vulnerability Types: Cross-Site Scripting, Insecure Unserialize, Improper...

6CVSS6AI score0.04465EPSS
Exploits0Affected Software1
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.73 views

ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability

ESA-2014-003.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability EMC Identifier: ESA-2014-003 CVE Identifier: CVE-2014-0624 Severity Rating: CVSS v2 Base Score: 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P Affected Products: RSA Da...

2.7CVSS0.4AI score0.00506EPSS
Exploits1
securityvulns
securityvulns
added 2014/04/01 12:0 a.m.50 views

ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability

ESA-2014-003.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability EMC Identifier: ESA-2014-003 CVE Identifier: CVE-2014-0624 Severity Rating: CVSS v2 Base Score: 7.4 AV:A/AC:M/Au:S/C:C/I:C/A:C Affected Products: RSA Da...

2.7CVSS0.4AI score0.00506EPSS
Exploits1
securityvulns
securityvulns
added 2005/07/14 12:0 a.m.42 views

PHPsFTPd - Admin password leak

Author: Stefan Lochbihler Date: 11. Juli 2005 Affected Software: PHPsFTPd Software Version: 0.2 - 0.4 Software URL: http://phpsftpd.sourceforge.net/ Attack: Admin password leak about PHPsFTPd: PHPsFTPd is a web based administration and configuration interface for the SLimFTPd ftp serverIt can be...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2003/01/21 12:0 a.m.34 views

Multiple Vulnerabilties In PHPLinks

phpLinks is an open source free PHP script. phpLinks allows you to run a very powerful link farm or search engine. phpLinks has multilevel site categorization, infinite threaded search capabilities and more. phpLinks is very simple to setup There lies a fault in the include/add.php script that...

6.3AI score
Exploits0
Rows per page
Query Builder