14 matches found
CVE-2026-24013
Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...
EUVD-2005-3042
Malware in sbrugna...
Webmin 0.9x,Usermin 0.9x/1.0 Session ID Spoofing Unauthenticated Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6915/info A vulnerability has been discovered in the 'Miniserv.pl' script used to invoke both Webmin and Usermin. Due to insufficient sanitization of client-supplied BASE64 encoded input, it is possible to inject a Sessio...
Debian Security Advisory DSA 319-1 (webmin)
The remote host is missing an update to webmin announced via advisory DSA 319-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mambo Open Source < 4.5.2.3 Multiple Vulnerabilities
The installed version of Mambo Open Source on the remote host suffers from the following flaws : - Session ID Spoofing Vulnerability An unspecified flaw in the script 'administrator/index3.php' can be exploited to spoof session IDs. - Local File Disclosure Vulnerability The...
Debian DSA-319-1 : webmin - session ID spoofing
miniserv.pl in the webmin package does not properly handle metacharacters, such as line feeds and carriage returns, in Base64-encoded strings used in Basic authentication. This vulnerability allows remote attackers to spoof a session ID, and thereby gain root privileges. %NASLMINLEVEL 70300 C...
Mandrake Linux Security Advisory : webmin (MDKSA-2003:025)
A vulnerability was discovered in webmin by Cintia M. Imanishi, in the miniserv.pl program, which is the core server of webmin. This vulnerability allows an attacker to spoof a session ID by including special metacharacters in the BASE64 encoding string used during the authentication process. Thi...
[SECURITY] [DSA-319-1] New webmin packages fix remote session ID spoofing
-------------------------------------------------------------------------- Debian Security Advisory DSA 319-1 [email protected] http://www.debian.org/security/ Matt Zimmerman June 12th, 2003 http://www.debian.org/security/faq -...
DSA-319 webmin - session ID spoofing
Bulletin has no description...
CVE-2003-0101
miniserv.pl in 1 Webmin before 1.070 and 2 Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns CRLF in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges...
Multiple bugs in Webmin/Usermin
Crossite scripting, session ID spoofing...
Security Update: [CSSA-2003-002.0] Linux: Webmin Cross-site Scripting and Session ID Spoofing Vulnerabilities
To: [email protected] [email protected] [email protected] [email protected] SCO Security Advisory Subject: Linux: Webmin Cross-site Scripting and Session ID Spoofing Vulnerabilities Advisory number: CSSA-2003-002.0 Issue date: 2003 January 09 Cross...
Webmin 0.9x / Usermin 0.9x/1.0 - Access Session ID Spoofing
source: https://www.securityfocus.com/bid/6915/info A vulnerability has been discovered in the 'Miniserv.pl' script used to invoke both Webmin and Usermin. Due to insufficient sanitization of client-supplied BASE64 encoded input, it is possible to inject a Session ID into the access control list...
[SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability
---------------------------------------------------------------------- SNS Advisory No.53 Webmin/Usermin Session ID Spoofing Vulnerability Problem first discovered: Sat, 4 May 2002 Published: Tue, 7 May 2002 ---------------------------------------------------------------------- Overview: --------...