
184 matches found

CVE
added 2010/11/22 7:0 p.m. · 53 views

CVE-2010-4304

The CVE affects Cisco Unified Videoconferencing (UVC) System components: 3545, 5110, 5115, 5230; 3527 PRI Gateway; 3522 BRI Gateway; and 3515 MCU. Root cause is predictable session IDs based on time values, enabling remote attackers to hijack sessions through brute-force. No exploit details are p...

CVSS 6.4 · AI score 6.8 · EPSS 0.01196
Exploits: 0 · References: 3 · Affected Software: 4
Tenable Nessus
added 2010/06/15 12:0 a.m. · 26 views

Novell eDirectory < 8.8 SP5 Patch 4 Multiple Vulnerabilities

The remote host is running eDirectory, a directory service software from Novell. The installed version of this software is affected by one or more of the following vulnerabilities : - A denial of service vulnerability in NDSD when handling a malformed verb. Bug 571244 - A stack-based buffer...

CVSS 9 · AI score 6 · EPSS 0.12655
Exploits: 1 · References: 3
Prion
added 2010/04/13 5:30 p.m. · 18 views

Authentication flaw

The administrative web console on the TANDBERG Video Communication Server VCS before X4.3 uses predictable session cookies in (1) tandberg/web/lib/secure.php and (2) tandberg/web/user/lib/secure.php, which makes it easier for remote attackers to bypass authentication, and execute arbitrary code by...

CVSS 10 · AI score 7.8 · EPSS 0.04533
Exploits: 0 · References: 4 · Affected Software: 1
CVE
added 2010/04/13 5:0 p.m. · 64 views

CVE-2009-4509

The TANDBERG Video Communication Server (VCS) web management interface in versions around x4.2.1 (and possibly earlier) uses forged/predictable session cookies in tandberg/web/lib/secure.php and tandberg/web/user/lib/secure.php, enabling an unauthenticated attacker to bypass authentication and po...

CVSS 10 · AI score 7.8 · EPSS 0.04533
Exploits: 0 · References: 4 · Affected Software: 1
Tenable Nessus
added 2010/03/19 12:0 a.m. · 41 views

Novell eDirectory DHost Predictable Session ID

The eDirectory DHost web server running on the remote host generates predictable session IDs. A remote attacker could exploit this by predicting the session ID of a legitimately logged-in user, which could lead to the hijacking of administrative sessions. (C) Tenable Network Security, Inc...

CVSS 7.5 · AI score 5.6 · EPSS 0.49864
Exploits: 3 · References: 1
Prion
added 2009/12/08 5:30 p.m. · 20 views

Design/Logic Flaw

Feature Pack for Communications Enabled Applications CEA before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value...

CVSS 6.4 · AI score 6.7 · EPSS 0.0115
Exploits: 0 · References: 5 · Affected Software: 2
NVD
added 2009/12/08 5:30 p.m. · 22 views

CVE-2009-2749

Feature Pack for Communications Enabled Applications CEA before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value...

CVSS 6.4 · AI score 6.2 · EPSS 0.0115
Exploits: 0 · References: 5
Cvelist
added 2009/12/08 5:0 p.m. · 25 views

CVE-2009-2749

Feature Pack for Communications Enabled Applications CEA before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value...

AI score 6.2 · EPSS 0.0115
Exploits: 0 · References: 5
CVE
added 2009/12/08 5:0 p.m. · 59 views

CVE-2009-2749

CVE-2009-2749 affects IBM WebSphere Application Server 7.0.0.7 with the Feature Pack for Communications Enabled Applications (CEA). The root cause is the use of predictable session values in CEA prior to version 1.0.0.1, which allows a MITM attacker to spoof a collaboration session by guessing th...

CVSS 6.4 · AI score 6.2 · EPSS 0.0115
Exploits: 0 · References: 5 · Affected Software: 2
NVD
added 2009/07/08 3:30 p.m. · 17 views

CVE-2009-2367

cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the sessionid parameter...

CVSS 9.8 · AI score 9.5 · EPSS 0.23195
Exploits: 3 · References: 4
Prion
added 2009/07/08 3:30 p.m. · 18 views

Design/Logic Flaw

cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the sessionid parameter...

CVSS 7.5 · AI score 7.5 · EPSS 0.23195
Exploits: 3 · References: 4
Cvelist
added 2009/07/08 3:0 p.m. · 21 views

CVE-2009-2367

cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the sessionid parameter...

AI score 9.6 · EPSS 0.23195
Exploits: 3 · References: 4
CVE
added 2009/07/08 3:0 p.m. · 67 views

CVE-2009-2367

The CVE-2009-2367 entry concerns the Iomega StorCenter Pro NAS web interface (cgi-bin/makecgi-pro) generating predictable session IDs. The connected documents confirm exploitability via brute-force guessing of the session_id parameter to hijack active sessions and gain administrative access. A Me...

CVSS 9.8 · AI score 9.4 · EPSS 0.23195
Exploits: 3 · References: 4 · Affected Software: 1
Positive Technologies
added 2009/07/08 12:0 a.m. · 7 views

PT-2009-4796 · Iomega · Iomega Storcenter Pro

Name of the Vulnerable Software and Affected Versions: Iomega StorCenter Pro affected versions not specified Description: The issue allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session id parameter in the "cgi-bin/makecgi-pro"...

CVSS 9.8 · AI score 9.3 · EPSS 0.23195
Exploits: 3 · References: 7
ATTACKERKB
added 2009/06/22 8:30 p.m. · 1 view

CVE-2009-2165

SerendipityNZ aka SimpleBoxes Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id...

CVSS 7.5 · AI score 5.6 · EPSS 0.01402
Exploits: 0 · References: 6
Prion
added 2009/06/22 8:30 p.m. · 9 views

Code injection

SerendipityNZ aka SimpleBoxes Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id...

CVSS 7.5 · AI score 7.1 · EPSS 0.01402
Exploits: 0 · References: 5 · Affected Software: 1
NVD
added 2009/06/22 8:30 p.m. · 15 views

CVE-2009-2165

SerendipityNZ aka SimpleBoxes Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id...

CVSS 7.5 · AI score 6.6 · EPSS 0.01402
Exploits: 0 · References: 5
Cvelist
added 2009/06/22 8:0 p.m. · 21 views

CVE-2009-2165

SerendipityNZ aka SimpleBoxes Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id...

AI score 6.6 · EPSS 0.01402
Exploits: 0 · References: 5
Japan Vulnerability Notes
added 2009/06/18 8:53 a.m. · 2 views

Predictable session ID vulnerability in Serene Bach

Overview Serene Bach from SerendipityNZ Limited contains a vulnerability in which it generates predictable session ID's. Serene Bach from SerendipityNZ Limited is a weblog management system. Serene Bach contains a vulnerability in which it generates predictable session ID's. Impact A remote...

CVSS 7.5 · AI score 6.5 · EPSS 0.01402
Exploits: 0 · References: 8
Japan Vulnerability Notes
added 2009/06/08 12:0 a.m. · 29 views

JVN#20689557 Predictable session ID vulnerability in Serene Bach

Serene Bach from SerendipityNZ Limited is a weblog management system. Serene Bach contains a vulnerability in which it generates predictable session ID's. Impact A remote attacker could impersonate an administrator of Serene Bach. As a result, an attacker could obtain or alter information stored ...

CVSS 7.5 · AI score 6.1 · EPSS 0.01402
Exploits: 0