196 matches found
Juniper VPN client unauthorized access
It's possible to execute Internet Explorer with System rights before authentication via remote session...
Mandriva Update for openssh MDVA-2010:090 (openssh)
Check for the Version of openssh OpenVAS Vulnerability Test Mandriva Update for openssh MDVA-2010:090 openssh Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
FlatPress 0.804-0.812.1 Local File Inclusion to Remote Command Execution vulnerability exploit
No description provided by source. ?php / Author: Giuseppe Zmax Fuggiano giuseppedotfuggianoatgmaildotcom Description: FlatPress 0.804-0.812.1 Local File Inclusion to Remote Command Execution vulnerability exploit fp-includes/core/core.users.php. This code posts a crafted comment with a very simp...
CVE-2009-2150
Multiple cross-site request forgery CSRF vulnerabilities in Campus Virtual-LMS allow 1 remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a ...
[oCERT-2009-004] AjaxTerm session id collision
2009-004 AjaxTerm session id collision Description: AjaxTerm, an open source web based terminal, uses a form of random session id generation which can lead to remote session hijacking. The ajaxterm.js script allocates session ids on the client side using the following method: var...
CVE-2009-0256
Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to 1 frontend and 2 backend authentication...
phpwebgallery-hijackexec.txt
$b'.$sort.';' 64. ; An attacker could be able to inject and execute PHP code through $GET'sort', that is passed to createfunction at line 63 see http://www.securityfocus.com/bid/31398. Only admin can access to the plugins management interface, but the attacker might be able to retrieve a valid...
PHPWebGallery 1.7.2 - Session Hijacking Code Execution
PHPWebGallery 1.7.2 - Session Hijacking Code Execution $b'.$sort.';' 64. ; An attacker could be able to inject and execute PHP code through $GET'sort', that is passed to createfunction at line 63 see https://www.securityfocus.com/bid/31398. Only admin can access to the plugins management interfac...
PHPWebGallery 1.7.2 - Session Hijacking / Code Execution
$b'.$sort.';' 64. ; An attacker could be able to inject and execute PHP code through $GET'sort', that is passed to createfunction at line 63 see https://www.securityfocus.com/bid/31398. Only admin can access to the plugins management interface, but the attacker might be able to retrieve a valid...
Debian OpenSSH/OpenSSL Package Random Number Generator Weakness (SSL check)
The remote x509 certificate on the remote SSL server has been generated on a Debian or Ubuntu system which contains a bug in the random number generator of its OpenSSL library. The problem is due to a Debian packager removing nearly all sources of entropy in the remote version of OpenSSL. An...
Moodle 1.5.2 - moodledata Remote Session Disclosure
Moodle 1.5.2 - moodledata Remote Session Disclosure --/ INTRODUCTION -- / Advisory : MOODLE 2KB SESSION|O:6:"object":12:s:12:"sessiontest";s:10:"zN0PiMhwWK";s:8:"encoding"; s:10:"iso-8859-1";s:7:"fromurl";s:69:"http://www.TARGET.com/moodle/mod/forum/...
Moodle 1.5.2 - 'moodledata' Remote Session Disclosure
--/ INTRODUCTION -- / Advisory : MOODLE 2KB SESSION|O:6:"object":12:s:12:"sessiontest";s:10:"zN0PiMhwWK";s:8:"encoding"; s:10:"iso-8859-1";s:7:"fromurl";s:69:"http://www.TARGET.com/moodle/mod/forum/ view.php?id=100";s:10:"logincount";i:1;s:18:"calcoursereferer";i:0;s:15:"cal...
Moodle <= 1.5.2 (moodledata) Remote Session Disclosure Vulnerability
Exploit for unknown platform in category web applications ==================================================================== Moodle 2KB SESSION|O:6:"object":12:s:12:"sessiontest...
CVE-2004-2182
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server...
CVE-2004-0944
The web management interface for Mitel 3300 Integrated Communications Platform ICP before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie...
CVE-2000-0111
The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions...