5 matches found
CVE-2026-9507 Session fixation vulnerability in Enhancesoft's osTicket
A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the initial session identifier OSTSESSID active after a successful login. The issue lies in the fact that the application does not invalidate the...
SUSE-SU-2017:0346-1 Security update for java-1_8_0-openjdk
This update for java-180-openjdk fixes the following issues: Oracle Critical Patch Update of January 2017 bsc1020905 Upgrade to version jdk8u121 icedtea 3.3.0: - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution...
Code injection
ntopng aka ntop before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/passwordreset.lua...
UBUNTU-CVE-2015-8368
ntopng aka ntop before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/passwordreset.lua...
Code injection
Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified 1 loggedinenduser, 2 loggedinendusername, 3 loggedinuserusergroup, 4 loggedinuser, or 5 loggedinusername cookie...