2159 matches found
CVE-2003-0965
Cross-site scripting XSS vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities...
mailman XSS in admin script
Dirk Mueller reports: I've found a cross-site scripting vulnerability in the admin interface of mailman 2.1.3 that allows, under certain circumstances, for anyone to retrieve the valid session cookie...
CVE-2003-0692
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session...
DSA-388 kdebase - several vulnerabilities
Bulletin has no description...
CVE-2003-0692
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session...
CVE-2003-0692
CVE-2003-0690 and CAN-2003-0692 describe vulnerabilities in KDE KDEbase/KDM before patches: KDM may grant local root or escalate privileges if pam_setcred() fails during PAM processing, and the session cookie generation used by KDM is too weak (less than 128 bits of entropy), enabling brute-force...
Moderate: Red Hat Security Advisory: kdebase security update
Updated KDE packages that resolve a local security issue with KDM PAM support and weak session cookie generation are now available. KDE is a graphical desktop environment for the X Window System. KDE between versions 2.2.0 and 3.1.3 inclusive contain a bug in the KDE Display Manager KDM when...
Moderate: Red Hat Security Advisory: : Updated KDE packages fix security issues
Updated KDE packages that resolve a local security issue with KDM PAM support and weak session cookie generation are now available. KDE is a graphical desktop environment for the X Window System. KDE between versions 2.2.0 and 3.1.3 inclusive contain a bug in the KDE Display Manager KDM when...
Maxwebportal 1.30 - 'search.asp?Search' Cross-Site Scripting
source: https://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. The issues that have been discovered include: MaxWebPortal 'search.asp' has been reported prone to a cross-site scripting vulnerability. An attacker may execute arbitrary scri...
Maxwebportal 1.30 - Remote Database Disclosure
source: https://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. The issues that have been discovered include: MaxWebPortal 'search.asp' has been reported prone to a cross-site scripting vulnerability. An attacker may execute arbitrary scri...
Maxwebportal 1.30 - search.asp?Search Cross-Site Scripting
Maxwebportal 1.30 - search.asp?Search Cross-Site Scripting source: https://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. The issues that have been discovered include: MaxWebPortal 'search.asp' has been reported prone to a cross-site...
Multiple webmin bugs
Crossite scripting, session cookie hijacking...
HTTP login page
This script logs onto a web server through a login page and stores the authentication / session cookie. C Tenable Network Security, Inc. @PREFERENCES@ include"compat.inc"; ifdescription scriptid11149; scriptversion"1.37"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/09/29";...
YaBB 1.401.41 - Login Cross-Site Scripting
YaBB 1.401.41 - Login Cross-Site Scripting source: https://www.securityfocus.com/bid/6004/info A cross-site scripting vulnerability has been reported in the YaBB Yet Another Bulletin Board forum login script. HTML tags or script code are not sanitized from the error output of erroneous login...
CSS on Microsoft Content Management Server
Hi, while doing a pen-test I found what seems a Cross Site Scriptting on Microsoft Content Management Server. On M$ words: "Microsoft® Content Management Server 2001 MSCMS is an enterprise Web content management system that enables companies to build, deploy, and maintain Internet, intranet, and...
Citrix Nfuse 1.6 - Published Applications Information Leak
Citrix Nfuse 1.6 - Published Applications Information Leak source: https://www.securityfocus.com/bid/3926/info Citrix Nfuse is an application portal server meant to provide the functionality of any application on the server via a web browser. Nfuse works in conjunction with a previously-installed...
Citrix Nfuse 1.6 - Published Applications Information Leak
source: https://www.securityfocus.com/bid/3926/info Citrix Nfuse is an application portal server meant to provide the functionality of any application on the server via a web browser. Nfuse works in conjunction with a previously-installed webserver. If a request for 'applist.asp' is submitted...
CVE-2001-0857
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter...
XFree86 X11R6 3.3 XDM - Session Cookie Guessing
// source: https://www.securityfocus.com/bid/2985/info xdm is the X Display Manager, a component of the XFree86 package. xdm manages the display of X sessions both locally and remotely. An xdm server compiled without WrapHelp.c is vulnerable to a brute force X cookie attack, due to using triviall...