809 matches found
CVE-2024-23586
HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information...
PT-2024-19949 · Hcl · Hcl Nomad
Name of the Vulnerable Software and Affected Versions: HCL Nomad affected versions not specified Description: The issue is related to insufficient session expiration, which under certain circumstances could allow an unauthenticated attacker to obtain old session information. Recommendations: At t...
HCL Nomad Security Vulnerability
HCL Nomad is an application for using and managing the Domino application development platform in mobile devices from HCL USA. A security vulnerability exists in HCL Nomad that stems from vulnerability to insufficient session expiration, where an unauthenticated attacker can obtain old session...
PT-2024-31874 · Unknown · Monica Ai Assistant
Name of the Vulnerable Software and Affected Versions: Monica AI Assistant desktop application version 2.3.0 Description: The issue allows an attacker to modify the chatbot's answer with an unloaded image, which can exfiltrate the user's sensitive chat data of the current session to a malicious...
CVE-2024-8471
Cross-Site Scripting XSS vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through JOBID and USERNAME parameters in /jobportal/process.php...
PT-2024-39038 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: Job Portal, affected versions not specified Description: A Cross-Site Scripting XSS issue exists due to insufficient encryption of user-controlled input. This could allow an attacker to retrieve the session details of an authenticated...
CVE-2024-33994
Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in '/event/index.php'...
CVE-2024-33993
Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in '/candidate/index.php'...
School Event Management System Cross-Site Scripting Vulnerability
School Event Management System is a school event management system. A cross-site scripting vulnerability exists in School Event Management System version 1.0. An attacker can create a specially crafted URL and send it to a victim to obtain their session details via the "view" parameter in...
PT-2024-25625 · Unknown · School Management System
Name of the Vulnerable Software and Affected Versions: School Event Management System version 1.0 Description: The issue is related to a Cross-Site Scripting XSS vulnerability. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the view...
The vulnerability of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus, related to access control deficiencies, allows a perpetrator to view data recorded by other users’ sessions.
The vulnerability of the Windows Active Directory AD management and reporting software Zoho ManageEngine ADAudit Plus is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to view data recorded by other users’ sessions...
The vulnerability of the GNOME Remote Desktop remote connection package, related to the provision of data elements for erroneous sessions, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the GNOME Remote Desktop remote connection package lies in the provision of a data element for erroneous sessions. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
Session Data Exposure
TYPO3 is vulnerable to session data exposure. The vulnerability is due to session data of authenticated frontend users being transformed into an anonymous user session during logout, allowing the next user to access previous session data...
CVE-2024-29175
Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain a weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a man-in-the-middle attack that exposes sensitive session...
VulnCheck KEV: CVE-2024-0769
D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling...
udn News Information Disclosure Vulnerability
udn News is a news application from China United News udn Inc. An information disclosure vulnerability exists in udn News versions prior to 4.20.1, which stems from storing a user's session in a logcat file during user login, which can be retrieved by a malicious attacker who can use it to log in...
Denial Of Service (DoS)
TYPO3 is vulnerable to Denial Of Service DoS. The vulnerability is due to improper validation of anonymous user sessions in the built-in record registration functionality using recs URL parameters, allowing attackers to create an arbitrary amount of individual session-data records in the database...
PT-2024-37301 · Unknown · Soar Cloud Hr Portal
Name of the Vulnerable Software and Affected Versions: Soar Cloud HR Portal affected versions not specified Description: The issue concerns notification emails sent by Soar Cloud HR Portal, which contain a link with embedded session data. These emails are sent without using an encrypted...
GHSA-G585-CRJF-VHWQ TYPO3 Denial of Service in Frontend Record Registration
TYPO3’s built-in record registration functionality aka basic shopping cart using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual...
GHSA-QR5F-6FCV-W69Q Typo3 Security Misconfiguration in Frontend Session Handling
It has been discovered that session data of properly authenticated and logged-in frontend users is kept and transformed into an anonymous user session during the logout process. This way the next user using the same client application gains access to previous session data...