196 matches found
Navarino Infinity Session Fixation Vulnerability
Navarino Infinity is a maritime bandwidth management and optimization solution from Navarino Greece. The solution can be used to equip many types of vessels. A session fixation vulnerability exists in Navarino Infinity version 2.1.7. A remote attacker can exploit this vulnerability to hijack...
CVE-2017-17476
Open Ticket Request System OTRS 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email...
New TeamViewer Hack Could Allow Clients to Hijack Viewers' Computer
Do you have remote support software TeamViewer installed on your desktop? If yes, then you should pay attention to a critical vulnerability discovered in the software that could allow users sharing a desktop session to gain complete control of the other's PC without permission. TeamViewer is a...
QNAP HelpDesk SQL Injection(CVE-2017-13068)
Vulnerability Summary The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier. QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To do so, ensure your NAS can reach the...
Microsoft Windows PowerShell Remote Code Execution Vulnerability
Microsoft Windows, etc. are a series of operating systems released by Microsoft, U.S.A. PowerShell is one of the command line programs. A remote code execution vulnerability exists in PowerShell in Microsoft Windows. An attacker can exploit this vulnerability to execute code in a PowerShell remot...
IBM Maximo Asset Management Session Hijacking Vulnerability
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A security...
CVE-2016-8924
IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537...
CVE-2016-4950
Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions...
CVE-2016-6394
Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503...
UBUNTU-CVE-2015-8124
Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id...
UBUNTU-CVE-2015-0218
Cross-site request forgery CSRF vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout...
CVE-2014-4831
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors...
CVE-2014-2060
The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...
PhpWebGallery <= 1.7.2 Session Hijacking / Code Execution Exploit
No description provided by source. ?php / ------------------------------------------------------------------------ PhpWebGallery = 1.7.2 Remote Session Hijacking / Code Execution Exploit ------------------------------------------------------------------------ author...: EgiX mail.....:...
Moodle <= 1.5.2 (moodledata) Remote Session Disclosure Vulnerability
No description provided by source. --/ INTRODUCTION -- / Advisory : MOODLE = 1.5.2 user password read out Release Date : 17. March 2007 Application : Moodle.org is a course management system CMS : to help educators create effective online learning communities. Impact : read out user account...
Beware of Zeus Banking Trojan Signed With Valid Digital Signature
A new dangerous variant of ZeuS Banking Trojan has been identified by Comodo AV labs which is signed by stolen Digital Certificate which belongs to Microsoft Developer to avoid detection from Web browsers and anti-virus systems. Every Windows PC in the world is set to accept software "signed" wit...
CVE-2013-4128
Red Hat JBoss Enterprise Application Platform EAP 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client...
ejb-client: Session fixation due improper connection caching
Red Hat JBoss Enterprise Application Platform EAP 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client...
CVE-2012-3257
HP Business Availability Center BAC 8.07 allows remote authenticated users to hijack web sessions via unspecified vectors...
CVE-2012-2144
Session fixation vulnerability in OpenStack Dashboard Horizon folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie...