4 matches found
Dropbox Acquisitions: Session hacking
I hereby want to report a vulnerability i.e. Session hacking. Summary ======== Attacker can still do activities in browser with user's account if user changed his/her password in another browser. Detail ===== If user logged in account in two or more browsers and he has changed password in one of...
LimeSurvey (PHPSurveyor 1.91+ stable) - Blind SQL Injection
Exploit Title: LimeSurvey Blind SQL injection Date: 20/02/2012 Author: TorTukiTu - OpenSphere Version: 1.91+ build 11804 Tested on: php TorTukiTu - Killing Tortoise ...
Session hacking via authentication cookie on Oracle CRM on Demand
Vulnerability Title: Session hacking via authentication cookie on Oracle CRM on Demand Date: 20/05/2011 Vendor: Oracle Product: Oracle CRM on Demand Software Link: https://sso.crmondemand.com/ Summary: Oracle CRM on Demand is a web application to manage Customer information. Desc: On login proces...
boastmachine-session.txt
Vagrant - E-hack.org 05.22.2007 BoastMachine v3.0 platinum - Session Id Hacking After the login into the site which allows new user registration. Site user's data which is entered to change the topic, can be changed by another user, and that is a security hole because of ID interchangeability in...