6433 matches found
CVE-2002-0058
Vulnerability in Java Runtime Environment JRE allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in 1 Netscape 6.0 through 6.1 and 4.79 and earlier, 2 Microsoft VM...
CVE-2001-0857
CVE-2001-0857 applies to Imp Webmail prior to version 2.2.7, where status.php3 is vulnerable to a cross-site scripting (XSS) flaw via the message parameter that can enable session hijacking. The connected Nessus plugin notes that IMP
CVE-2002-0058
CVE-2002-0058 describes a vulnerability in the Java Runtime Environment where a web applet could abuse an HTTP proxy to hijack or sniff a client’s session by redirecting traffic to another server. Affected: Netscape 6.x (6.0–6.1) and 4.79 and earlier, and Microsoft VM builds 3802 and earlier (IE ...
CVE-2002-0058
Vulnerability in Java Runtime Environment JRE allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in 1 Netscape 6.0 through 6.1 and 4.79 and earlier, 2 Microsoft VM...
CVE-2001-0922
ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in...
[SECURITY] [DSA 099-1] New XChat packages fix potential IRC session hijacking
Attachment: pgpZ3fmunBQVe.pgp Description: PGP message...
Отправка команд от имени пользователя IRC в XChat (session hijacking)
При ответе на команду ping копируются посланные данные без проверки их содержимого, что может привести к выполнению команды...
xchat IRC session hijacking vulnerability (versions 1.4.1, 1.4.2)
========================================================================== ======= xchat 1.4.2 and 1.4.3 IRC session hijacking vulnerability ======== ========================================================================== It is possible to trick xchat IRC clients 1.4.2, 1.4.3 into sending...
PHP-Nuke AddOn PHPToNuke.php 1.0 - Cross-Site Scripting
PHP-Nuke AddOn PHPToNuke.php 1.0 - Cross-Site Scripting source: https://www.securityfocus.com/bid/3807/info phptonuke.php is a PHPNuke AddOn script to insert a PHP script into the middle of a PHPNuke site. It is written and maintained by Lebios. It is possible for a malicious user to create a lin...
PHP-Nuke AddOn PHPToNuke.php 1.0 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/3807/info phptonuke.php is a PHPNuke AddOn script to insert a PHP script into the middle of a PHPNuke site. It is written and maintained by Lebios. It is possible for a malicious user to create a link to the phptonuke.php script which contains script code...
CVE-2001-1532
WebX stores authentication information in the HTTPREFERER variable, which is included in URL links within bulletin board messages posted by users, which could allow remote attackers to hijack user sessions...
Aktivate 1.0 3 - Shopping Cart Cross-Site Scripting
Aktivate 1.0 3 - Shopping Cart Cross-Site Scripting source: https://www.securityfocus.com/bid/3714/info Aktivate is a shopping cart system which is geared towards Unix and Linux users, uses MySQL as a backend, and is written in Perl. Aktivate is prone to cross-site scripting attacks. It is possib...
Aktivate 1.0 3 - Shopping Cart Cross-Site Scripting
source: https://www.securityfocus.com/bid/3714/info Aktivate is a shopping cart system which is geared towards Unix and Linux users, uses MySQL as a backend, and is written in Perl. Aktivate is prone to cross-site scripting attacks. It is possible to construct a link containing arbitrary script...
Agora.CGI 3.x4.0 - Debug Mode Cross-Site Scripting
Agora.CGI 3.x4.0 - Debug Mode Cross-Site Scripting source: https://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output...
Agora.CGI 3.x/4.0 - Debug Mode Cross-Site Scripting
source: https://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output. Debug mode is not enabled by default and must be...
NMRC Advisory - NetDynamics Session ID is Reusable
I N F O R M A T I O N A N A R C H Y 2 K 0 1 www.nmrc.org/InfoAnarchy Nomad Mobile Research Centre A D V I S O R Y www.nmrc.org Phuzzy L0gic [email protected] 27Nov2001 Platform : Sun Solaris Version 7, 8 Application : NetDynamics 4.x, 5.x Severity : Medium Synopsis -------- It appears that the...
CVE-2001-0922
ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in...
Imp Webmail session hijacking vulnerability
It's possible to hijack an imp/horde session using a cross-site script attack, quite similar to the one explored by Marc Slemko in his "Microsoft Passport to Trouble" paper. - After hijacking the cookies, the attacker can use the session and read the victim's mail. - Imp...
Horde IMP 2.2.x - Session Hijacking
Horde IMP 2.2.x - Session Hijacking source: https://www.securityfocus.com/bid/3525/info IMP is a powerful web-based mail interface/client developed by members of the Horde project. Encoded HTML tags are not stripped from requests to access 'status.php3'. It is possible for a remote attacker to...
Horde IMP 2.2.x - Session Hijacking
source: https://www.securityfocus.com/bid/3525/info IMP is a powerful web-based mail interface/client developed by members of the Horde project. Encoded HTML tags are not stripped from requests to access 'status.php3'. It is possible for a remote attacker to construct a link which when clicked wi...