Lucene search
K

2159 matches found

cvelist
cvelist
added 2004/01/15 5:0 a.m.31 views

CVE-2003-0965

Cross-site scripting XSS vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities...

5.5AI score0.01997EPSS
Exploits0References10
freebsd
freebsd
added 2003/12/31 12:0 a.m.43 views

mailman XSS in admin script

Dirk Mueller reports: I've found a cross-site scripting vulnerability in the admin interface of mailman 2.1.3 that allows, under certain circumstances, for anyone to retrieve the valid session cookie...

6.8CVSS6.2AI score0.01997EPSS
Exploits0References2
nvd
nvd
added 2003/10/06 4:0 a.m.23 views

CVE-2003-0692

KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session...

7.5CVSS6.4AI score0.02678EPSS
Exploits0References9
osv
osv
added 2003/09/19 12:0 a.m.30 views

DSA-388 kdebase - several vulnerabilities

Bulletin has no description...

10CVSS6AI score0.02678EPSS
Exploits0
cvelist
cvelist
added 2003/09/18 4:0 a.m.30 views

CVE-2003-0692

KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session...

6.2AI score0.02678EPSS
Exploits0References9
cve
cve
added 2003/09/18 4:0 a.m.79 views

CVE-2003-0692

CVE-2003-0690 and CAN-2003-0692 describe vulnerabilities in KDE KDEbase/KDM before patches: KDM may grant local root or escalate privileges if pam_setcred() fails during PAM processing, and the session cookie generation used by KDM is too weak (less than 128 bits of entropy), enabling brute-force...

7.5CVSS6.2AI score0.02678EPSS
Exploits0References9Affected Software1
redhat
redhat
added 2003/09/16 8:54 p.m.39 views

Moderate: Red Hat Security Advisory: kdebase security update

Updated KDE packages that resolve a local security issue with KDM PAM support and weak session cookie generation are now available. KDE is a graphical desktop environment for the X Window System. KDE between versions 2.2.0 and 3.1.3 inclusive contain a bug in the KDE Display Manager KDM when...

10CVSS5.8AI score0.02678EPSS
Exploits0References3
redhat
redhat
added 2003/09/16 8:44 p.m.6 views

Moderate: Red Hat Security Advisory: : Updated KDE packages fix security issues

Updated KDE packages that resolve a local security issue with KDM PAM support and weak session cookie generation are now available. KDE is a graphical desktop environment for the X Window System. KDE between versions 2.2.0 and 3.1.3 inclusive contain a bug in the KDE Display Manager KDM when...

10CVSS5.8AI score0.02678EPSS
Exploits0References1
exploitdb
exploitdb
added 2003/06/06 12:0 a.m.24 views

Maxwebportal 1.30 - 'search.asp?Search' Cross-Site Scripting

source: https://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. The issues that have been discovered include: MaxWebPortal 'search.asp' has been reported prone to a cross-site scripting vulnerability. An attacker may execute arbitrary scri...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2003/06/06 12:0 a.m.22 views

Maxwebportal 1.30 - Remote Database Disclosure

source: https://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. The issues that have been discovered include: MaxWebPortal 'search.asp' has been reported prone to a cross-site scripting vulnerability. An attacker may execute arbitrary scri...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2003/06/06 12:0 a.m.14 views

Maxwebportal 1.30 - search.asp?Search Cross-Site Scripting

Maxwebportal 1.30 - search.asp?Search Cross-Site Scripting source: https://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. The issues that have been discovered include: MaxWebPortal 'search.asp' has been reported prone to a cross-site...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2003/02/25 12:0 a.m.36 views

Multiple webmin bugs

Crossite scripting, session cookie hijacking...

1.2AI score
Exploits0References1Affected Software2
nessus
nessus
added 2002/10/26 12:0 a.m.6432 views

HTTP login page

This script logs onto a web server through a login page and stores the authentication / session cookie. C Tenable Network Security, Inc. @PREFERENCES@ include"compat.inc"; ifdescription scriptid11149; scriptversion"1.37"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/09/29";...

5.4AI score
Exploits0
exploitpack
exploitpack
added 2002/10/18 12:0 a.m.22 views

YaBB 1.401.41 - Login Cross-Site Scripting

YaBB 1.401.41 - Login Cross-Site Scripting source: https://www.securityfocus.com/bid/6004/info A cross-site scripting vulnerability has been reported in the YaBB Yet Another Bulletin Board forum login script. HTML tags or script code are not sanitized from the error output of erroneous login...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2002/10/09 12:0 a.m.26 views

CSS on Microsoft Content Management Server

Hi, while doing a pen-test I found what seems a Cross Site Scriptting on Microsoft Content Management Server. On M$ words: "Microsoft® Content Management Server 2001 MSCMS is an enterprise Web content management system that enables companies to build, deploy, and maintain Internet, intranet, and...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2002/01/22 12:0 a.m.21 views

Citrix Nfuse 1.6 - Published Applications Information Leak

Citrix Nfuse 1.6 - Published Applications Information Leak source: https://www.securityfocus.com/bid/3926/info Citrix Nfuse is an application portal server meant to provide the functionality of any application on the server via a web browser. Nfuse works in conjunction with a previously-installed...

7.3AI score
Exploits0
exploitdb
exploitdb
added 2002/01/22 12:0 a.m.37 views

Citrix Nfuse 1.6 - Published Applications Information Leak

source: https://www.securityfocus.com/bid/3926/info Citrix Nfuse is an application portal server meant to provide the functionality of any application on the server via a web browser. Nfuse works in conjunction with a previously-installed webserver. If a request for 'applist.asp' is submitted...

7AI score
Exploits0
nvd
nvd
added 2001/12/06 5:0 a.m.12 views

CVE-2001-0857

Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter...

7.5CVSS6.6AI score0.0349EPSS
Exploits0References7
exploitdb
exploitdb
added 2001/06/24 12:0 a.m.31 views

XFree86 X11R6 3.3 XDM - Session Cookie Guessing

// source: https://www.securityfocus.com/bid/2985/info xdm is the X Display Manager, a component of the XFree86 package. xdm manages the display of X sessions both locally and remotely. An xdm server compiled without WrapHelp.c is vulnerable to a brute force X cookie attack, due to using triviall...

7AI score
Exploits0
Rows per page
Query Builder