14 matches found
CVE-2019-16889
Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service disk consumption because .cache files in /var/run/beaker/containerfile/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The...
EUVD-2020-6400
Malware in sbrugna...
EUVD-2019-2162
Malware in sbrugna...
EUVD-2019-5660
Malware in sbrugna...
EUVD-2022-51468
Malicious code in bioql PyPI...
CVE-2024-4447
In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via the Direct Web Remoting API UserSessionAjax.getSessionList.dwr calls. While this is information that would and should be available to admins who possess "Sign In As" powers, admins who otherwise lack...
CVE-2020-14247
HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID...
CVE-2020-6290
SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID...
CVE-2019-14475
eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages, clear the system protocol, create a new user in the...
GO-2024-2730 WITHDRAWN: Directory traversal in FilesystemStore in github.com/gorilla/sessions
This report has been withdrawn on the grounds that it generates too many false positives. Session IDs are documented as not being suitable to hold user-provided data. FilesystemStore does not sanitize the Session.ID value, making it vulnerable to directory traversal attacks. If an attacker has...
AuraCMS.txt
--------------------------------------------------------------------------- Vulnerabilities in Aura CMS --------------------------------------------------------------------------- Author: y3dips Date: Januari, 25th 2005 Location: Indonesia, Jakarta Web: http://echo.or.id/adv/adv011-y3dips-2005.tx...
vBulletin 2.0/2.2.x - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5997/info vBulletin does not filter HTML tags from URI parameters, making it prone to cross-site scripting attacks. As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser o...
CVE-2002-0226
retrievepassword.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user...
Ipswitch Imail 7.04 vulnerabilities
Hi all, Below are vulnerabilities I have found in Imail Ipswitch.com. Some of them can be very dangerous and it is there for recommended that Imail users upgrade their software asap. After reporting these vulnerabilities to Ipswitch on the 4e of this month it only took 7 days before Ipswitch...