61 matches found
The vulnerability of the software for centralized logging, analysis, and storage of logs by Graylog, related to incorrect session duration settings, allows a hacker to intercept a user’s session.
The vulnerability of the Graylog log collection, analysis, and storage software lies in the incorrect duration of the session. Exploiting this vulnerability allows a remote attacker to intercept the user’s session...
The vulnerability of the QMS.Mobile module of the quality management software for automobile manufacturers allows a violator to intercept an active session.
The vulnerability of the QMS.Mobile module of the quality management software for automobile manufacturers, QMS Automotive, is related to incorrect session duration. Exploiting this vulnerability could allow an attacker to intercept the active session...
The vulnerability of the Admidio membership management and access control application lies in its incorrect session duration, which allows attackers to gain access to confidential information and arbitrary functions of the application.
The vulnerability of the Admidio membership management and access control application is related to an incorrect session duration. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to confidential information and arbitrary functions of the application...
The vulnerability of the command-line interface of FortiOS operating systems allows a hacker to execute arbitrary commands.
The vulnerability of the command-line interface in FortiOS systems is related to incorrect session duration settings. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the 389 Directory Server’s authentication process, related to incorrect session duration, allows attackers to gain access to confidential data.
The vulnerability of the 389 Directory Server’s authentication service is related to an incorrect session duration. Exploiting this vulnerability allows a malicious actor to gain access to confidential data...
The vulnerability of the command-line interface of ArubaOS allows a hacker to continue the session on a vulnerable device after removing the affected account.
The vulnerability of the command-line interface of ArubaOS systems is related to incorrect session duration settings. Exploiting this vulnerability allows a remote attacker to continue the session on a vulnerable device after deleting the affected account...
The vulnerability of the EcoStruxure Power Monitoring Expert software lies in its incorrect session duration, which allows an intruder to gain unauthorized access to protected information.
The vulnerability of the EcoStruxure Power Monitoring Expert software is related to incorrect session duration settings. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
Anonymous LOGOUT logs explanation
ns.log: Dec 31 16:13:57 172.31.248.107 12/31/2022:08:13:57 GMT PHQCXADC01 0-PPE-0 : default SSLVPN Message 263167 0 : "Created nFactor session for user Anonymous" Dec 31 16:13:57 172.31.248.107 12/31/2022:08:13:57 GMT PHQCXADC01 0-PPE-0 : default SSLVPN Message 263174 0 : "AAAD API:...
The vulnerability of Websoft HCM’s automation software for HR processes lies in the incorrect expiration time of sessions. This allows attackers to reuse the session credentials to access user information.
The vulnerability of Websoft HCM’s automation software for HR processes is related to incorrect session duration settings. Exploiting this vulnerability allows a malicious actor to repeatedly use session credentials to access user information...
Security Bulletin: Mitigations are being announced to address CVE-2020-4839 and CVE-2021-29695
Summary IBM products 8335-GCA, 8335-GTA, and 8335-GTB have identified security vulnerabilities. Vulnerability Details CVEID:CVE-2020-4839 DESCRIPTION: IBM Host firmware for LC-class Systems is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A remote privileged...
The vulnerability of the BD Synapsys software lies in its incorrect session duration, which allows a perpetrator to gain access, modify, or delete confidential information.
The vulnerability of the BD Synapsys software lies in the incorrect duration of a session. Exploiting this vulnerability can allow an attacker to gain access, modify, or delete confidential information...
The instability of the BigBlueButton server interface’s greenlight feature, related to the incorrect session duration, allows a violator to increase their privileges.
The vulnerability of the BigBlueButton greenlight server interface is related to an incorrect session duration. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
The vulnerability of the Microsoft Office 365 software is related to incorrect session duration settings, which allows attackers to gain unauthorized access to protected information.
The vulnerability of the Microsoft Office 365 software package is related to incorrect session duration settings. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the CGI program of the Zyxel NBG6604 switch, related to incorrect session duration, allows attackers to gain access to the device.
The vulnerability of the CGI program of the Zyxel NBG6604 switch is related to an incorrect session duration. Exploiting this vulnerability can allow a malicious actor to gain access to the device by intercepting the authentication token...
A vulnerability in the web interface for managing Microprogramming Software on Cisco Small Business 220 Series Smart routers exists. This vulnerability is related to an incorrect session duration, which allows a perpetrator to bypass authentication procedures, gain unauthorized access to the device’s web interface, and perform arbitrary actions with administrator privileges.
The vulnerability of the web interface for managing Microprogramming Software on Cisco Small Business 220 Series Smart routers is related to an incorrect session duration. Exploiting this vulnerability could allow a malicious actor to bypass authentication procedures, gain unauthorized access to...
The vulnerability of the FreeIPA server relates to the incorrect duration of a session, which allows a perpetrator to gain access to the session.
The vulnerability of the FreeIPA server is related to the incorrect duration of the session. Exploiting this vulnerability can allow a hacker to gain access to the session...
The vulnerability of the management tools for virtual infrastructure, such as VMware vCenter Server and VMware ESXi hypervisor, is related to incorrect session duration settings, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the management tools for virtual infrastructure, such as VMware vCenter Server and VMware ESXi hypervisor, is related to incorrect session duration settings. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protecte...
The vulnerability of the microprogramming software of the Intel Baseboard Management Controller (BMC) relates to incorrect session duration settings. This allows a perpetrator to disclose protected information or cause service failures.
The vulnerability of the microprogramming software of the Intel Baseboard Management Controller BMC is related to incorrect session duration. Exploiting this vulnerability can allow a malicious actor to disclose protected information or cause service failures...
HTTP/2: 0-length headers lead to denial of service
A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially...
The vulnerability in the TokenBasedRememberMeServices2.java component of the Jenkins automation server allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the TokenBasedRememberMeServices2.java component located at core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java in the Jenkins automation server is related to an incorrect session duration. Exploiting this vulnerability could allow a malicious actor, operati...