14 matches found

RedhatCVE
added 2026/01/07 9:30 a.m. | 7 views

CVE-2019-16889

Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because .cache files in /var/run/beaker/containerfile/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The...

CVSS 7.8 | AI score 7.1 | EPSS 0.0509
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2020-6400

Malware in sbrugna...

CVSS 6.5 | AI score 6.5 | EPSS 0.00669
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-2162

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.01283
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-5660

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.01969
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-51468

Malicious code in bioql PyPI...

CVSS 8 | AI score 7.8 | EPSS 0.00337
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:38 a.m. | 5 views

CVE-2024-4447

In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via the Direct Web Remoting API UserSessionAjax.getSessionList.dwr calls. While this is information that would and should be available to admins who possess "Sign In As" powers, admins who otherwise lack...

CVSS 9.9 | AI score 5.8 | EPSS 0.00477
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:44 p.m. | 7 views

CVE-2020-14247

HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID...

CVSS 6.5 | AI score 6.9 | EPSS 0.00669
Exploits: 0

RedhatCVE
added 2025/05/22 4:45 p.m. | 7 views

CVE-2020-6290

SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID...

CVSS 6.8 | AI score 6.8 | EPSS 0.00602
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:8 a.m. | 9 views

CVE-2019-14475

eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages, clear the system protocol, create a new user in the...

CVSS 8.2 | AI score 6.5 | EPSS 0.01969
Exploits: 2 | References: 1

OSV
added 2024/04/17 3:34 p.m. | 8 views

GO-2024-2730 WITHDRAWN: Directory traversal in FilesystemStore in github.com/gorilla/sessions

This report has been withdrawn on the grounds that it generates too many false positives. Session IDs are documented as not being suitable to hold user-provided data. FilesystemStore does not sanitize the Session.ID value, making it vulnerable to directory traversal attacks. If an attacker has...

CVSS 10 | AI score 9.7 | EPSS 0.99999
Exploits: 43 | References: 1

Packet Storm
added 2005/03/03 12:0 a.m. | 35 views

AuraCMS.txt

Vulnerabilities in Aura CMS | Author: y3dips | Date: January, 25th 2005 | Location: Indonesia, Jakarta | Web: http://echo.or.id/adv/adv011-y3dips-2005.tx...

AI score 7.4
Exploits: 0

Exploit DB
added 2002/10/18 12:0 a.m. | 27 views

vBulletin 2.0/2.2.x - Cross-Site Scripting

source: https://www.securityfocus.com/bid/5997/info vBulletin does not filter HTML tags from URI parameters, making it prone to cross-site scripting attacks. As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser o...

AI score 7.4
Exploits: 0

Cvelist
added 2002/06/25 4:0 a.m. | 19 views

CVE-2002-0226

retrievepassword.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user...

AI score 6.8 | EPSS 0.01748
Exploits: 0 | References: 6

securityvulns
added 2001/10/12 12:0 a.m. | 62 views

Ipswitch Imail 7.04 vulnerabilities

Hi all, Below are vulnerabilities I have found in Imail Ipswitch.com. Some of them can be very dangerous and it is therefore recommended that Imail users upgrade their software asap. After reporting these vulnerabilities to Ipswitch on the 4th of this month it only took 7 days before Ipswitch...

AI score 7.1
Exploits: 0