196 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-9015
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server th...
CVE-2022-3217
When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a login session can obtain the login credentials...
CVE-2020-27739
A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...
CVE-2010-3471
Session fixation vulnerability in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors...
CVE-2019-12001
A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage versions: GL225P001 and earlier; GL225P001 and...
CVE-2019-5406
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media versions: prior to 3.5.0.1...
CVE-2019-5400
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor versions: prior to 5.0.5.1...
CVE-2025-4528
A vulnerability was found in Dígitro NGC Explorer up to 3.44.15 and classified as problematic. This issue affects some unknown processing. The manipulation leads to session expiration. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond i...
CVE-2025-45949
A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely and...
CVE-2025-0501
An issue in the native clients for Amazon WorkSpaces when running PCoIP protocol may allow an attacker to access remote sessions via man-in-the-middle...
CVE-2025-0500
An issue in the native clients for Amazon WorkSpaces when running Amazon DCV protocol, Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle...
Amazon DCV Client <= 2023.1.8993 MITM
The version of Amazon DCV Client installed on the host is vulnerable to a man-in-the-middle vulnerability, allowing an attacker to access remote sessions. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...
CVE-2022-26647
A vulnerability has been identified in SCALANCE X200-4P IRT All versions V5.5.2, SCALANCE X201-3P IRT All versions V5.5.2, SCALANCE X201-3P IRT PRO All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2P IRT All versions V5.5.2, SCALAN...
CVE-2025-0501
CVE-2025-0501 affects the native Amazon WorkSpaces clients (PCoIP) and is described as allowing an attacker to access remote sessions via man‑in‑the‑middle, due to a trust management issue (as noted by multiple sources). The issue is associated with high impact across confidentiality, integrity, ...
CVE-2025-0500 Issue affecting Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV clients
An issue in the native clients for Amazon WorkSpaces when running Amazon DCV protocol, Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle...
Amazon多款产品 信任管理问题漏洞
Amazon WorkSpaces and others are products of Amazon.com, Inc.Amazon WorkSpaces is a fully hosted, persistent desktop virtualization service that gives your users access to the data, applications, and resources they need, anytime, anywhere, from any supported device.Amazon AppStream is an...
PT-2025-3927 · Amazon · Amazon Workspaces
Name of the Vulnerable Software and Affected Versions: Amazon WorkSpaces affected versions not specified Description: An issue in the native clients for Amazon WorkSpaces when running PCoIP protocol may allow an attacker to access remote sessions via man-in-the-middle. Recommendations: At the...
PT-2025-3926 · Amazon · Amazon Appstream 2.0 +2
Name of the Vulnerable Software and Affected Versions: Amazon WorkSpaces affected versions not specified Amazon AppStream 2.0 affected versions not specified Amazon DCV Clients affected versions not specified Description: An issue in the native clients for Amazon WorkSpaces, Amazon AppStream 2.0,...
CVE-2024-7516
A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a...
Brocade Fabric OS 安全漏洞
Brocade Fabric OS FOS is a set of embedded operating systems used in devices such as switches and routers from Brocade USA. A security vulnerability exists in Brocade Fabric OS versions prior to 9.2.2, which stems from a vulnerability that could allow a man-in-the-middle attack for remote service...