CVE-2019-3715

RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks...

CVE-2019-0018

A persistent cross-site scripting XSS vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform...

Padding Oracle Attack

httpd is vulnerable to padding oracle attack. It was discovered that the modsessioncrypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a...

CVE-2018-8919

Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors...

typo3 -- multiple vulnerabilities

Typo3 core team reports: CKEditor 4.11 fixes an XSS vulnerability in the HTML parser reported by maxarr. The vulnerability stemmed from the fact that it was possible to execute XSS inside the CKEditor source area after persuading the victim to: i switch CKEditor to source mode, then ii paste a...

Pippo Java Deserialization Vulnerability

Pippo is a Java-based Web framework . A security vulnerability exists in Pippo version 1.11.0, which stems from the 'SerializationSessionDataTranscoder.decode' function failing to check the type of a SessionData object before calling the 'ObjectInputStream.readObject' function for deserialization...

CVE-2018-18628

Pippo 1.11.0 is affected by CVE-2018-18628. The issue arises in SerializationSessionDataTranscoder.decode(), which calls ObjectInputStream.readObject() to deserialize a SessionData object without verifying object types. An attacker can craft a malicious object, base64-encode it, and place it in t...

SUSE-SU-2018:1161-2 Security update for apache2

This update for apache2 fixes the following issues: CVE-2018-1283: when modsession is configured to forward its session data to CGI applications SessionEnv on, not the default, a remote user may influence their content by using a 'Session' header leading to unexpected behavior bsc1086814...

GHSA-49H4-G8P5-JGQ6 Moderate severity vulnerability that affects org.apache.juddi:juddi-client

After logging into the portal, the logout jsp page redirects the browser back to the login page after. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as...

Moderate severity vulnerability that affects org.apache.juddi:juddi-client

After logging into the portal, the logout jsp page redirects the browser back to the login page after. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as...

CVE-2018-14688

An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the namex, streamUrlx, homepageUrlx parameters where x is an integer to internetRadioSettings.view that could be used to steal session information of a victim...

Barracuda ADC 5.x - CS Cross Site Scripting Vulnerability

Document Title: =============== Barracuda ADC 5.x - CS Cross Site Scripting Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1425 Release Date: ============= 2018-07-09 Vulnerability Laboratory ID VL-ID: ====================================...

CVE-2018-11635

Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication...

Authentication flaw

Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication...

CVE-2018-11635

Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication...

CVE-2018-11635

Dialogic PowerMedia XMS (administration console) is affected by CVE-2018-11635 due to a hard-coded cryptographic key used to protect cookie session data in /var/www/xms/application/config/config.php. This vulnerability enables remote attackers to bypass authentication in PowerMedia XMS versions u...

Dumpzilla - Extract All Forensic Interesting Information Of Firefox, Iceweasel And Seamonkey Browsers

Dumpzilla official site : www.dumpzilla.org http://www.dumpzilla.org "Mozilla browser forensic tool" Manual : Español http://dumpzilla.org/Manualdumpzillaes.txt "Manual en español de dumpzilla" / English http://dumpzilla.org/Manualdumpzillaen.txt "Dumpzilla english Manual" SO : Unix / Win...

totemomail Encryption Gateway Information Disclosure Vulnerability

totemomail Encryption Gateway is a gateway for email encryption. A security vulnerability exists in versions prior to totemomail Encryption Gateway 6.0b567. A remote attacker can exploit this vulnerability by performing a JSONP hijacking attack to obtain sensitive information about user sessions...

CVE-2018-6562

totemomail Encryption Gateway before 6.0b567 allows remote attackers to obtain sensitive information about user sessions and encryption key material via a JSONP hijacking attack...

Medium: httpd24

Issue Overview: Use-after-free on HTTP/2 stream shutdown When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this...