Lucene search
+L

196 matches found

CNVD
CNVD
added 2018/04/11 12:0 a.m.5 views

Navarino Infinity Session Fixation Vulnerability

Navarino Infinity is a maritime bandwidth management and optimization solution from Navarino Greece. The solution can be used to equip many types of vessels. A session fixation vulnerability exists in Navarino Infinity version 2.1.7. A remote attacker can exploit this vulnerability to hijack...

8.8CVSS7AI score0.04176EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2017/12/20 5:29 p.m.4 views

CVE-2017-17476

Open Ticket Request System OTRS 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email...

8.8CVSS5.6AI score0.02223EPSS
Exploits0References8
The Hacker News
The Hacker News
added 2017/12/05 10:6 p.m.19 views

New TeamViewer Hack Could Allow Clients to Hijack Viewers' Computer

Do you have remote support software TeamViewer installed on your desktop? If yes, then you should pay attention to a critical vulnerability discovered in the software that could allow users sharing a desktop session to gain complete control of the other's PC without permission. TeamViewer is a...

7.5AI score
Exploits0
seebug.org
seebug.org
added 2017/10/11 12:0 a.m.50 views

QNAP HelpDesk SQL Injection(CVE-2017-13068)

Vulnerability Summary The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier. QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To do so, ensure your NAS can reach the...

5CVSS8.5AI score0.02577EPSS
Exploits3
CNVD
CNVD
added 2017/07/12 12:0 a.m.32 views

Microsoft Windows PowerShell Remote Code Execution Vulnerability

Microsoft Windows, etc. are a series of operating systems released by Microsoft, U.S.A. PowerShell is one of the command line programs. A remote code execution vulnerability exists in PowerShell in Microsoft Windows. An attacker can exploit this vulnerability to execute code in a PowerShell remot...

9.3CVSS8.3AI score0.17522EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/28 12:0 a.m.5 views

IBM Maximo Asset Management Session Hijacking Vulnerability

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A security...

5.6CVSS7AI score0.00777EPSS
Exploits0References1
OSV
OSV
added 2017/04/26 5:59 p.m.5 views

CVE-2016-8924

IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537...

5.6CVSS5.8AI score0.00777EPSS
Exploits0References2
OSV
OSV
added 2017/03/07 4:59 p.m.5 views

CVE-2016-4950

Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions...

7.5CVSS5.8AI score0.01589EPSS
Exploits1References2
OSV
OSV
added 2016/09/12 10:59 a.m.8 views

CVE-2016-6394

Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503...

9.1CVSS5.8AI score0.01448EPSS
Exploits0References3
OSV
OSV
added 2015/12/07 8:59 p.m.6 views

UBUNTU-CVE-2015-8124

Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id...

6.8CVSS5.8AI score0.02712EPSS
Exploits1References4
OSV
OSV
added 2015/06/01 7:59 p.m.3 views

UBUNTU-CVE-2015-0218

Cross-site request forgery CSRF vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout...

6.8CVSS5.9AI score0.01014EPSS
Exploits0References4
Cvelist
Cvelist
added 2014/11/28 2:0 a.m.23 views

CVE-2014-4831

IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors...

6.5AI score0.00991EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2014/10/17 3:55 p.m.4 views

CVE-2014-2060

The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...

5CVSS5.6AI score0.01548EPSS
Exploits0References3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

PhpWebGallery <= 1.7.2 Session Hijacking / Code Execution Exploit

No description provided by source. ?php / ------------------------------------------------------------------------ PhpWebGallery = 1.7.2 Remote Session Hijacking / Code Execution Exploit ------------------------------------------------------------------------ author...: EgiX mail.....:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

Moodle <= 1.5.2 (moodledata) Remote Session Disclosure Vulnerability

No description provided by source. --/ INTRODUCTION -- / Advisory : MOODLE = 1.5.2 user password read out Release Date : 17. March 2007 Application : Moodle.org is a course management system CMS : to help educators create effective online learning communities. Impact : read out user account...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2014/04/06 4:13 p.m.14 views

Beware of Zeus Banking Trojan Signed With Valid Digital Signature

A new dangerous variant of ZeuS Banking Trojan has been identified by Comodo AV labs which is signed by stolen Digital Certificate which belongs to Microsoft Developer to avoid detection from Web browsers and anti-virus systems. Every Windows PC in the world is set to accept software "signed" wit...

6.5AI score
Exploits0
NVD
NVD
added 2013/08/16 4:55 p.m.51 views

CVE-2013-4128

Red Hat JBoss Enterprise Application Platform EAP 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client...

6.4CVSS6.5AI score0.02441EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2013/08/12 6:25 p.m.8 views

ejb-client: Session fixation due improper connection caching

Red Hat JBoss Enterprise Application Platform EAP 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client...

6.4CVSS5.9AI score0.02473EPSS
Exploits1References4
NVD
NVD
added 2012/09/08 10:28 a.m.14 views

CVE-2012-3257

HP Business Availability Center BAC 8.07 allows remote authenticated users to hijack web sessions via unspecified vectors...

4.6CVSS6.4AI score0.01065EPSS
Exploits0References2
OSV
OSV
added 2012/06/05 10:55 p.m.6 views

CVE-2012-2144

Session fixation vulnerability in OpenStack Dashboard Horizon folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie...

6.4AI score
Exploits0References11
Rows per page
Query Builder