Lucene search
+L

451 matches found

Debian CVE
Debian CVE
added 2017/09/01 1:0 p.m.72 views

CVE-2017-12870

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

5.9CVSS5.4AI score0.00875EPSS
Exploits0
Cvelist
Cvelist
added 2017/09/01 1:0 p.m.46 views

CVE-2017-12870

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

5.4AI score0.00875EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/30 12:0 a.m.13 views

IBM Sametime Session Enumeration Vulnerability

IBM Sametime is a suite of next-generation social communication tools from IBM in the United States. The tool helps users realize real-time business collaboration by integrating audio voice, data and video. A security vulnerability exists in IBM Sametime versions 8.5.2 and 9.0. An attacker could...

4.3CVSS4.8AI score0.00962EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/25 12:0 a.m.6 views

Cisco Integrated Management Controller Hijacked Session Vulnerability

Cisco Integrated Management Controller IMC is the U.S. Cisco Cisco company a set of tools for the management of the UCS Unified Computing System, which supports HTTP, SSH access, etc., and can be on the server, shutdown and reboot operations. A security vulnerability exists in the session...

5.4CVSS7.1AI score0.00967EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/10 12:0 a.m.7 views

Schneider Electric Modicon PLC Multiple Authentication Bypass Vulnerability (CNVD-2017-04918)

Modicon PLCs are programmable controller products used in industries such as dams, energy, food and agriculture, and more. A multiple authentication bypass vulnerability exists in the Schneider Electric Modicon PLC, where an attacker accessing the OT network could intercept traffic to the target...

9.8CVSS7.3AI score0.05139EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/07 12:0 a.m.4 views

Multiple Huawei server information leakage vulnerabilities

Huawei Tecal RH1288 V2 and others are servers from Huawei, a Chinese company. An information disclosure vulnerability exists in several Huawei servers. The vulnerability can be exploited by an attacker to view the session IDs of all online users in the Online Users page of the Web UI...

6.5CVSS6.2AI score0.00592EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/05 12:0 a.m.42 views

Hak5 WiFi Pineapple Pre-Configured Command Injection Vulnerability

Hak5 WiFi Pineapple is a penetration testing tool used in offensive wireless campaigns. A command injection vulnerability exists in the Hak5 WiFi Pineapple preconfiguration, which can be exploited by an attacker to use predictable anti-CSRF tokens based on session IDs...

7.5CVSS7.6AI score0.36954EPSS
Exploits7References1
RedHat Linux
RedHat Linux
added 2017/03/07 7:6 p.m.6 views

tomcat: information disclosure due to incorrect Processor sharing

A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body...

7.5CVSS7.4AI score0.16038EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2017/03/07 7:5 p.m.4 views

tomcat: information disclosure due to incorrect Processor sharing

A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body...

7.5CVSS7.4AI score0.16038EPSS
Exploits0References8
CNVD
CNVD
added 2017/02/10 12:0 a.m.2 views

Revive Adserver REVIVE-SA-2017-001 Session Fixation Vulnerability

Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A session fixation vulnerability exists in Revive Adserver 4.0.0 and earlier versions. An attacker can exploit...

5.9CVSS6.1AI score0.01167EPSS
Exploits0References1
OSV
OSV
added 2017/02/09 3:59 p.m.3 views

CVE-2016-9244

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer SSL session IDs from other sessions. It is possible...

7.5CVSS7.1AI score0.74EPSS
Exploits7References8
OSV
OSV
added 2017/02/01 10:59 p.m.5 views

CVE-2016-5953

IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL...

3.7CVSS5.8AI score0.00842EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2016/11/03 8:12 a.m.5 views

tomcat: security manager bypass via StatusManagerServlet

It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs...

4.3CVSS7.2AI score0.06232EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/10/10 8:38 p.m.6 views

tomcat: Session fixation

A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests...

8.1CVSS7.2AI score0.10573EPSS
Exploits0References5
NVD
NVD
added 2016/07/15 6:59 p.m.15 views

CVE-2016-0339

IBM Security Identity Manager ISIM Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records."...

5.6CVSS5.3AI score0.01294EPSS
Exploits0References3
Prion
Prion
added 2016/07/15 6:59 p.m.18 views

Design/Logic Flaw

IBM Security Identity Manager ISIM Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records."...

4.3CVSS6.8AI score0.01294EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2016/07/08 12:0 a.m.4 views

IBM Jazz Reporting Service (JRS) Session Hijacking Vulnerability

IBM Jazz Reporting Service is an optional component of IBM Rational Reporting for Development Intelligence. IBM Jazz Reporting Service JRS has a security vulnerability in the Report Builder and Data Collection Component DCC implementations due to the program retaining session ID validity after...

8.8CVSS6.8AI score0.01028EPSS
Exploits0References1
CNVD
CNVD
added 2016/06/12 12:0 a.m.4 views

EMC Data Domain OS Arbitrary Account Hijacking Vulnerability

EMC Data Domain systems are data protection storage solutions. EMC Data Domain OS stores the session identifier of the GUI user in a globally readable file, which can be exploited by a local user to hijack arbitrary accounts...

8.8CVSS7AI score0.00313EPSS
Exploits0References1
OSV
OSV
added 2016/06/10 1:59 a.m.4 views

CVE-2016-0910

EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors...

8.8CVSS5.9AI score0.00313EPSS
Exploits0References2
NVD
NVD
added 2016/06/10 1:59 a.m.15 views

CVE-2016-0910

EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors...

8.8CVSS8.2AI score0.00313EPSS
Exploits0References2
Rows per page
Query Builder