15 matches found
EUVD-2002-1914
Malware in sbrugna...
EUVD-2024-44066
Malicious code in bioql PyPI...
CVE-2025-7679 Session ID Basic Auth Bypass
The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT...
CVE-2021-30121
Semi-authenticated local file inclusion. The contents of arbitrary files can be returned by the webserver. Example request: https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp A valid sessionId is required but can be easily obtained via CVE-2021-30118...
CVE-2002-1935
Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) "To" and "From" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar...
openSUSE: Security Advisory for java-11-openjdk (openSUSE-SU-2021:1480-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
OPENSUSE-SU-2021:1480-1 Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: Update to 11.0.13+8 (October 2021 CPU) - CVE-2021-35550, bsc1191901: Update the default enabled cipher suites preference - CVE-2021-35565, bsc1191909: com.sun.net.HttpsServer spins on TLS session close - CVE-2021-35556, bsc1191910: Richer...
Security fix for the ALT Linux 10 package java-11-openjdk version 0:11.0.13.8-alt1_1jpp11
0:11.0.13.8-alt1_1jpp11 built Nov. 8, 2021 Andrey Cherepanov in task 287838 Oct. 23, 2021 Andrey Cherepanov - New version. - Security fixes: + CVE-2021-35550 Update the default enabled cipher suites preference + CVE-2021-35565 com.sun.net.HttpsServer spins on TLS session close + CVE-2021-35556...
CVE-2018-17888
NUUO CMS, all versions 3.1 and prior: the application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution...
Remote code execution
NUUO CMS, all versions 3.1 and prior: the application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution...
CVE-2018-17888
CVE-2018-17888 affects NUUO CMS versions 3.1 and prior. The vulnerability stems from an insecure session identification mechanism that can let an attacker obtain the active session ID, potentially enabling arbitrary remote code execution. Public assessments cite a high/critical risk (CVSS v3 base...
CVE-2018-17888
NUUO CMS, all versions 3.1 and prior: the application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution...
CVE-2018-0359
A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The vulnerability exists because the affected...
Trape Cross-Site Scripting Vulnerability
Trape is a set of open source Internet tracking and identification tools. It is capable of remotely identifying sessions and simulating phishing attacks. A cross-site scripting vulnerability exists in versions of Trape prior to 2017-11-05. A remote attacker can exploit the vulnerability to inject...
Cisco TelePresence Server API Privilege Vulnerability
A vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. The vulnerability is due to how session identification information is maintained by a specific API of the affected software. An attacker could...