Lucene search
+L

170 matches found

cnnvd
cnnvd
added 2023/05/09 12:0 a.m.5 views

FICO Origination Manager 授权问题漏洞

FICO Origination Manager FICO OM is a comprehensive customer origination platform from FICO USA, Inc. designed to enable both large and small organizations to maximize returns and control costs, and provide strong customer engagement. A security vulnerability exists in FICO Origination Manager...

7.5CVSS7.3AI score0.00723EPSS
Exploits2References5
cvelist
cvelist
added 2023/05/09 12:0 a.m.37 views

CVE-2023-30056

A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie...

7.7AI score0.00723EPSS
Exploits2References1
zdt
zdt
added 2023/05/09 12:0 a.m.464 views

FICO Origination Manager Decision Module 4.8.1 XSS / Session Hijacking Vulnerabilities

Multiple persistent cross site scripting vulnerabilities in FICO Origination Manager Decision Module version 4.8.1 allow an attacker to execute code in the context of the victim's browser using a crafted payload. Additionally, an attacker with initial access to the application, can get the...

7.5CVSS6.9AI score0.00723EPSS
Exploits2
osv
osv
added 2023/04/18 10:19 p.m.2 views

GHSA-P26G-97M4-6Q7C Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies

Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with " double quote, it will continue to read the cookie string unti...

2.4CVSS7.1AI score0.013EPSS
Exploits0References11
zdt
zdt
added 2023/04/02 12:0 a.m.191 views

TP-Link TL-WR902AC firmware 210730 (V3) - Remote Code Execution (Authenticated) Exploit

!/usr/bin/python3 Exploit Title: TP-Link TL-WR902AC firmware 210730 V3 - Remote Code Execution RCE Authenticated Exploit Author: Tobias Müller Date: 2022-12-01 Version: TL-WR902ACEUV30.9.1 Build 220329 Vendor Homepage: https://www.tp-link.com/ Tested On: TP-Link TL-WR902AC Vulnerability...

8.8CVSS8.9AI score0.33482EPSS
Exploits5
vulnrichment
vulnrichment
added 2023/03/22 10:10 a.m.8 views

CVE-2023-28708 Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure...

7.1AI score0.01831EPSS
Exploits0References1
susecve
susecve
added 2023/02/15 5:11 a.m.4 views

SUSE CVE-2015-8470

The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

6.5CVSS6.9AI score0.0162EPSS
Exploits0References3
nvd
nvd
added 2022/11/21 11:15 p.m.10 views

CVE-2022-44788

An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the first visit, the cookie value is not updated after a successful login...

6.5CVSS0.00615EPSS
Exploits1References1
prion
prion
added 2022/11/21 11:15 p.m.12 views

Session fixation

An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the first visit, the cookie value is not updated after a successful login...

4.3CVSS6.4AI score0.00615EPSS
Exploits1References1Affected Software1
cnnvd
cnnvd
added 2022/11/21 12:0 a.m.4 views

Maggioli SpA Appalti & Contratti 授权问题漏洞

Maggioli SpA Appalti & Contratti is a modular platform of Maggioli SpA. It consists of several integrated web applications to support Italian public administrations in the computerization and telematics management of their processes. A security vulnerability exists in Maggioli SpA Appalti &...

6.5CVSS6.5AI score0.00615EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2022/11/21 12:0 a.m.5 views

CVE-2022-44788

An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the first visit, the cookie value is not updated after a successful login...

6.4AI score0.00615EPSS
Exploits1References1
cvelist
cvelist
added 2022/11/21 12:0 a.m.15 views

CVE-2022-44788

An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the first visit, the cookie value is not updated after a successful login...

6.6AI score0.00615EPSS
Exploits1References1
huntr
huntr
added 2022/05/20 5:41 p.m.42 views

SSRF in /service endpoint

Description The problem came from this line of code I ran docker-drawio with following command : docker run -it --rm --name="draw" -e EXPORTURL=http://somesite.com -p 8080:8080 -p 8443:8443 jgraph/drawio if the drawio EXPORTURL is set to an address without any / after the primary Hostname like...

5CVSS6.4AI score0.05704EPSS
Exploits1
ibm
ibm
added 2022/02/15 2:55 p.m.21 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to insecure third party domain access (CVE-2021-29875)

Summary An insecure third party domain access vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2021-29875 DESCRIPTION: IBM InfoSphere Information Server could allow an attacker to obtain sensitive information due to a insecure third party domain...

7.5CVSS6.7AI score0.01109EPSS
Exploits0Affected Software1
cnvd
cnvd
added 2021/10/09 12:0 a.m.17 views

Gfos Workforce Management Licensing Issue Vulnerability

Gfos Workforce Management, a workforce management system from Mitre Corporation, U.S.A. A security vulnerability exists in Gfos Workforce Management, which stems from poor JSESSIONID management, where the application's login page is prone to bypass authentication and an attacker can use...

8.1CVSS2.5AI score0.00962EPSS
Exploits0References1
attackerkb
attackerkb
added 2021/10/05 4:15 p.m.3 views

CVE-2021-41553

In ARCHIBUS Web Central 21.3.3.815 a version from 2014, the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user. It was therefore possible to access the application through a user whose credentials were not known, without any attempt by the...

9.8CVSS7.4AI score0.01203EPSS
Exploits0References2
nvd
nvd
added 2021/10/04 6:15 p.m.22 views

CVE-2021-38618

In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone who knows a user's credentials except the password to get access to an account. This occurs because of JSESSIONID mismanagement...

8.1CVSS0.00962EPSS
Exploits0References2
osv
osv
added 2021/10/04 6:15 p.m.4 views

CVE-2021-38618

In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone who knows a user's credentials except the password to get access to an account. This occurs because of JSESSIONID mismanagement...

8.1CVSS5.8AI score0.00962EPSS
Exploits0References2
prion
prion
added 2021/10/04 6:15 p.m.13 views

Authentication flaw

In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone who knows a user's credentials except the password to get access to an account. This occurs because of JSESSIONID mismanagement...

6.8CVSS8.1AI score0.00962EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2021/10/04 5:23 p.m.20 views

CVE-2021-38618

In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone who knows a user's credentials except the password to get access to an account. This occurs because of JSESSIONID mismanagement...

7.4CVSS8.3AI score0.00962EPSS
Exploits0References2
Rows per page
Query Builder