Lucene search
+L

6433 matches found

NVD
NVD
added 2002/03/15 5:0 a.m.35 views

CVE-2002-0058

Vulnerability in Java Runtime Environment JRE allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in 1 Netscape 6.0 through 6.1 and 4.79 and earlier, 2 Microsoft VM...

5CVSS6.6AI score0.08587EPSS
Exploits0References3
CVE
CVE
added 2002/03/09 5:0 a.m.49 views

CVE-2001-0857

CVE-2001-0857 applies to Imp Webmail prior to version 2.2.7, where status.php3 is vulnerable to a cross-site scripting (XSS) flaw via the message parameter that can enable session hijacking. The connected Nessus plugin notes that IMP

7.5CVSS6.6AI score0.0349EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2002/03/07 5:0 a.m.66 views

CVE-2002-0058

CVE-2002-0058 describes a vulnerability in the Java Runtime Environment where a web applet could abuse an HTTP proxy to hijack or sniff a client’s session by redirecting traffic to another server. Affected: Netscape 6.x (6.0–6.1) and 4.79 and earlier, and Microsoft VM builds 3802 and earlier (IE ...

5CVSS6.6AI score0.08587EPSS
Exploits0References3Affected Software4
Cvelist
Cvelist
added 2002/03/07 5:0 a.m.41 views

CVE-2002-0058

Vulnerability in Java Runtime Environment JRE allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in 1 Netscape 6.0 through 6.1 and 4.79 and earlier, 2 Microsoft VM...

6.6AI score0.08587EPSS
Exploits0References3
Cvelist
Cvelist
added 2002/02/02 5:0 a.m.24 views

CVE-2001-0922

ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in...

6.7AI score0.01571EPSS
Exploits0References3
Debian
Debian
added 2002/01/12 11:46 a.m.44 views

[SECURITY] [DSA 099-1] New XChat packages fix potential IRC session hijacking

Attachment: pgpZ3fmunBQVe.pgp Description: PGP message...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2002/01/10 12:0 a.m.38 views

Отправка команд от имени пользователя IRC в XChat (session hijacking)

При ответе на команду ping копируются посланные данные без проверки их содержимого, что может привести к выполнению команды...

0.4AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2002/01/10 12:0 a.m.28 views

xchat IRC session hijacking vulnerability (versions 1.4.1, 1.4.2)

========================================================================== ======= xchat 1.4.2 and 1.4.3 IRC session hijacking vulnerability ======== ========================================================================== It is possible to trick xchat IRC clients 1.4.2, 1.4.3 into sending...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2002/01/06 12:0 a.m.14 views

PHP-Nuke AddOn PHPToNuke.php 1.0 - Cross-Site Scripting

PHP-Nuke AddOn PHPToNuke.php 1.0 - Cross-Site Scripting source: https://www.securityfocus.com/bid/3807/info phptonuke.php is a PHPNuke AddOn script to insert a PHP script into the middle of a PHPNuke site. It is written and maintained by Lebios. It is possible for a malicious user to create a lin...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2002/01/06 12:0 a.m.31 views

PHP-Nuke AddOn PHPToNuke.php 1.0 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/3807/info phptonuke.php is a PHPNuke AddOn script to insert a PHP script into the middle of a PHPNuke site. It is written and maintained by Lebios. It is possible for a malicious user to create a link to the phptonuke.php script which contains script code...

7.4AI score
Exploits0
NVD
NVD
added 2001/12/31 5:0 a.m.24 views

CVE-2001-1532

WebX stores authentication information in the HTTPREFERER variable, which is included in URL links within bulletin board messages posted by users, which could allow remote attackers to hijack user sessions...

5CVSS6.6AI score0.0126EPSS
Exploits0References2
exploitpack
exploitpack
added 2001/12/18 12:0 a.m.10 views

Aktivate 1.0 3 - Shopping Cart Cross-Site Scripting

Aktivate 1.0 3 - Shopping Cart Cross-Site Scripting source: https://www.securityfocus.com/bid/3714/info Aktivate is a shopping cart system which is geared towards Unix and Linux users, uses MySQL as a backend, and is written in Perl. Aktivate is prone to cross-site scripting attacks. It is possib...

Exploits0
Exploit DB
Exploit DB
added 2001/12/18 12:0 a.m.32 views

Aktivate 1.0 3 - Shopping Cart Cross-Site Scripting

source: https://www.securityfocus.com/bid/3714/info Aktivate is a shopping cart system which is geared towards Unix and Linux users, uses MySQL as a backend, and is written in Perl. Aktivate is prone to cross-site scripting attacks. It is possible to construct a link containing arbitrary script...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2001/12/17 12:0 a.m.11 views

Agora.CGI 3.x4.0 - Debug Mode Cross-Site Scripting

Agora.CGI 3.x4.0 - Debug Mode Cross-Site Scripting source: https://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2001/12/17 12:0 a.m.47 views

Agora.CGI 3.x/4.0 - Debug Mode Cross-Site Scripting

source: https://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output. Debug mode is not enabled by default and must be...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2001/11/27 12:0 a.m.44 views

NMRC Advisory - NetDynamics Session ID is Reusable

I N F O R M A T I O N A N A R C H Y 2 K 0 1 www.nmrc.org/InfoAnarchy Nomad Mobile Research Centre A D V I S O R Y www.nmrc.org Phuzzy L0gic [email protected] 27Nov2001 Platform : Sun Solaris Version 7, 8 Application : NetDynamics 4.x, 5.x Severity : Medium Synopsis -------- It appears that the...

7AI score
Exploits0
NVD
NVD
added 2001/11/26 5:0 a.m.25 views

CVE-2001-0922

ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in...

7.5CVSS6.8AI score0.01571EPSS
Exploits0References3
securityvulns
securityvulns
added 2001/11/10 12:0 a.m.31 views

Imp Webmail session hijacking vulnerability

It's possible to hijack an imp/horde session using a cross-site script attack, quite similar to the one explored by Marc Slemko in his "Microsoft Passport to Trouble" paper. - After hijacking the cookies, the attacker can use the session and read the victim's mail. - Imp...

7AI score
Exploits0
exploitpack
exploitpack
added 2001/11/09 12:0 a.m.21 views

Horde IMP 2.2.x - Session Hijacking

Horde IMP 2.2.x - Session Hijacking source: https://www.securityfocus.com/bid/3525/info IMP is a powerful web-based mail interface/client developed by members of the Horde project. Encoded HTML tags are not stripped from requests to access 'status.php3'. It is possible for a remote attacker to...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2001/11/09 12:0 a.m.25 views

Horde IMP 2.2.x - Session Hijacking

source: https://www.securityfocus.com/bid/3525/info IMP is a powerful web-based mail interface/client developed by members of the Horde project. Encoded HTML tags are not stripped from requests to access 'status.php3'. It is possible for a remote attacker to construct a link which when clicked wi...

7.4AI score
Exploits0
Rows per page
Query Builder