6 matches found
EUVD-2014-9077
Malware in sbrugna...
CVE-2023-40273 Session fixation in Apache Airflow web interface
The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database for database session backen...
Debian DLA-1790-1 : lemonldap-ng security update
Erratum: bad versions An attack vector was discovered by lemonldap-ng developers. When the SAML or CAS service provider is enable and the administrator has chosen to store SAML/CAS tokens in the session database, an attacker can open an anonymous session to connect to any protected application th...
Debian: Security Advisory (DLA-1790-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1791-1] lemonldap-ng security update
Package : lemonldap-ng Version : 1.9.7-3+deb9u1 CVE ID : CVE-2019-12046 Debian Bug : 928944 An attack vector was discovered by the lemonldap-ng developers. When the SAML or CAS service provider is enabled and the administrator has chosen to store the SAML/CAS tokens in the session database, an...
CVE-2014-9252
Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416...