15 matches found
EUVD-2024-39545
Malicious code in bioql PyPI...
EUVD-2022-38763
Malicious code in bioql PyPI...
CVE-2022-35890
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy...
CVE-2024-42207
HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim's session ID from their authenticated session...
CVE-2024-42207
HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim's session ID from their authenticated session...
CVE-2024-42207 HCL iAutomate is affected by a session fixation vulnerability
HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim's session ID from their authenticated session...
CVE-2024-42207 HCL iAutomate is affected by a session fixation vulnerability
HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim's session ID from their authenticated session...
CVE-2024-42207
CVE-2024-42207 concerns HCL iAutomate and describes a session fixation vulnerability that could allow an attacker to hijack a victim’s session ID from an authenticated session. Multiple sources corroborate the issue but do not provide concrete patch details or affected versions. PT-Security notes...
Session Fixation
Keycloak is vulnerable to session fixation. The vulnerability is due to improper session management, as the session ID and JSESSIONID cookie are not updated upon login, allowing attackers to hijack a session before authentication and trigger session fixation...
Debian DSA-2642-1 : sudo - several issues
Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2013-1775 Marco Schoepl discovered an authentication bypass when the...
[SECURITY] [DSA 2642-1] sudo security update
Debian Security Advisory DSA-2642-1 [email protected] http://www.debian.org/security/ Michael Gilbert March 09, 2013 http://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-2642-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2001-1286
Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control...
CVE-2001-1545
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing...
CVE-2000-0716
WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email...