Lucene search
K

14 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-24013

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

6AI score0.00471EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-3042

Malware in sbrugna...

7.5CVSS6.1AI score0.04127EPSS
Exploits0References16
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Webmin 0.9x,Usermin 0.9x/1.0 Session ID Spoofing Unauthenticated Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6915/info A vulnerability has been discovered in the 'Miniserv.pl' script used to invoke both Webmin and Usermin. Due to insufficient sanitization of client-supplied BASE64 encoded input, it is possible to inject a Sessio...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.12 views

Debian Security Advisory DSA 319-1 (webmin)

The remote host is missing an update to webmin announced via advisory DSA 319-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7AI score0.15469EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2005/06/15 12:0 a.m.23 views

Mambo Open Source < 4.5.2.3 Multiple Vulnerabilities

The installed version of Mambo Open Source on the remote host suffers from the following flaws : - Session ID Spoofing Vulnerability An unspecified flaw in the script 'administrator/index3.php' can be exploited to spoof session IDs. - Local File Disclosure Vulnerability The...

7.5CVSS6.1AI score0.01323EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.62 views

Debian DSA-319-1 : webmin - session ID spoofing

miniserv.pl in the webmin package does not properly handle metacharacters, such as line feeds and carriage returns, in Base64-encoded strings used in Basic authentication. This vulnerability allows remote attackers to spoof a session ID, and thereby gain root privileges. %NASLMINLEVEL 70300 C...

10CVSS5.5AI score0.15469EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/07/31 12:0 a.m.19 views

Mandrake Linux Security Advisory : webmin (MDKSA-2003:025)

A vulnerability was discovered in webmin by Cintia M. Imanishi, in the miniserv.pl program, which is the core server of webmin. This vulnerability allows an attacker to spoof a session ID by including special metacharacters in the BASE64 encoding string used during the authentication process. Thi...

10CVSS5.5AI score0.15469EPSS
Exploits0References2
Debian
Debian
added 2003/06/12 11:53 p.m.24 views

[SECURITY] [DSA-319-1] New webmin packages fix remote session ID spoofing

-------------------------------------------------------------------------- Debian Security Advisory DSA 319-1 [email protected] http://www.debian.org/security/ Matt Zimmerman June 12th, 2003 http://www.debian.org/security/faq -...

10CVSS6.4AI score0.15469EPSS
Exploits0
OSV
OSV
added 2003/06/12 12:0 a.m.25 views

DSA-319 webmin - session ID spoofing

Bulletin has no description...

10CVSS6.1AI score0.15469EPSS
Exploits0
Cvelist
Cvelist
added 2003/02/26 5:0 a.m.26 views

CVE-2003-0101

miniserv.pl in 1 Webmin before 1.070 and 2 Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns CRLF in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges...

6.5AI score0.15469EPSS
Exploits0References17
securityvulns
securityvulns
added 2003/02/25 12:0 a.m.33 views

Multiple bugs in Webmin/Usermin

Crossite scripting, session ID spoofing...

1AI score
Exploits0References2Affected Software2
securityvulns
securityvulns
added 2003/02/25 12:0 a.m.43 views

Security Update: [CSSA-2003-002.0] Linux: Webmin Cross-site Scripting and Session ID Spoofing Vulnerabilities

To: [email protected] [email protected] [email protected] [email protected] SCO Security Advisory Subject: Linux: Webmin Cross-site Scripting and Session ID Spoofing Vulnerabilities Advisory number: CSSA-2003-002.0 Issue date: 2003 January 09 Cross...

7.5CVSS0.8AI score0.01851EPSS
Exploits1
Exploit DB
Exploit DB
added 2003/02/20 12:0 a.m.45 views

Webmin 0.9x / Usermin 0.9x/1.0 - Access Session ID Spoofing

source: https://www.securityfocus.com/bid/6915/info A vulnerability has been discovered in the 'Miniserv.pl' script used to invoke both Webmin and Usermin. Due to insufficient sanitization of client-supplied BASE64 encoded input, it is possible to inject a Session ID into the access control list...

7AI score
Exploits0
securityvulns
securityvulns
added 2002/05/10 12:0 a.m.29 views

[SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability

---------------------------------------------------------------------- SNS Advisory No.53 Webmin/Usermin Session ID Spoofing Vulnerability Problem first discovered: Sat, 4 May 2002 Published: Tue, 7 May 2002 ---------------------------------------------------------------------- Overview: --------...

7.6AI score
Exploits0
Rows per page
Query Builder