5 matches found

Cvelist
added 8 hours ago, 8 views

CVE-2026-9507 Session fixation vulnerability in Enhancesoft's osTicket

A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the initial session identifier OSTSESSID active after a successful login. The issue lies in the fact that the application does not invalidate the...

CVSS 5.1
Exploits: 0, References: 1

OSV
added 2017/01/31 4:25 p.m., 7 views

SUSE-SU-2017:0346-1 Security update for java-1_8_0-openjdk

This update for java-1_8_0-openjdk fixes the following issues: Oracle Critical Patch Update of January 2017 bsc1020905 Upgrade to version jdk8u121 icedtea 3.3.0: - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution...

CVSS 9.6, AI score 7.2, EPSS 0.95707
Exploits: 13, References: 17

OSV
added 2015/12/17 7:59 p.m., 1 view

UBUNTU-CVE-2015-8368

ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/passwordreset.lua...

CVSS 6, AI score 5.8, EPSS 0.05386
Exploits: 5, References: 3

Prion
added 2015/12/17 7:59 p.m., 11 views

Code injection

ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/passwordreset.lua...

CVSS 6, AI score 6.9, EPSS 0.05386
Exploits: 5, References: 3, Affected Software: 1

Prion
added 2012/12/12 11:38 a.m., 13 views

Code injection

Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified (1) loggedinenduser, (2) loggedinendusername, (3) loggedinuserusergroup, (4) loggedinuser, or (5) loggedinusername cookie...

CVSS 6.5, AI score 6.9, EPSS 0.01078
Exploits: 1, References: 1, Affected Software: 1