Lucene search
K

472 matches found

Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.45 views

Scientific Linux Security Update : php on SL4.x i386/x86_64

It was discovered that the PHP escapeshellcmd function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd and execute arbitrary commands if the PHP script was usi...

10CVSS7.8AI score0.04696EPSS
Exploits3References7
PyPA
PyPA
added 2012/06/05 10:55 p.m.6 views

PYSEC-2012-33

Session fixation vulnerability in OpenStack Dashboard Horizon folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie...

6.8CVSS7AI score0.0211EPSS
Exploits1References12Affected Software1
Debian CVE
Debian CVE
added 2011/10/19 10:0 a.m.51 views

CVE-2011-4136

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...

5.8CVSS6.2AI score0.02284EPSS
Exploits0
OpenVAS
OpenVAS
added 2010/12/23 12:0 a.m.37 views

Mandriva Update for openssl MDVSA-2010:248 (openssl)

Check for the Version of openssl OpenVAS Vulnerability Test Mandriva Update for openssl MDVSA-2010:248 openssl Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

4.3CVSS7.1AI score0.09497EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2010/12/07 12:0 a.m.56 views

OpenSSL 1.0.0 < 1.0.0c Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.0c. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0c advisory. - OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allo...

7.5CVSS7.1AI score0.09497EPSS
Exploits1References5
CVE
CVE
added 2010/12/06 10:0 p.m.111 views

CVE-2008-7270

CVE-2008-7270 affects OpenSSL before 0.9.8j when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, allowing an attacker to modify the session-cached ciphersuite and potentially force a disabled cipher. The issue is triggered by session cache handling and is distinct from CVE-2010-4180. Public d...

4.3CVSS8.1AI score0.03426EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2010/12/06 9:5 p.m.7 views

CVE-2010-4180

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network...

7.3AI score
Exploits0References67
Prion
Prion
added 2010/12/06 9:5 p.m.27 views

Session fixation

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network...

4.3CVSS6.6AI score0.09497EPSS
Exploits0References50Affected Software9
RedHat Linux
RedHat Linux
added 2010/08/04 9:30 p.m.5 views

tomcat handling of cookie values

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks...

4.3CVSS5.8AI score0.16944EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2010/08/04 9:30 p.m.5 views

tomcat handling of cookies

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes "'" as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks...

4.3CVSS5.8AI score0.37497EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2009/12/14 12:0 a.m.17 views

FreeBSD Ports: rt

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

5.8CVSS6.3AI score0.02745EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2009/12/02 4:30 p.m.21 views

CVE-2009-3585

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same doma...

5.8CVSS5.8AI score0.02745EPSS
Exploits0References2
NVD
NVD
added 2009/12/02 4:30 p.m.10 views

CVE-2009-3585

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same doma...

5.8CVSS6.3AI score0.02745EPSS
Exploits0References16
Prion
Prion
added 2009/12/02 4:30 p.m.14 views

Session fixation

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same doma...

5.8CVSS6.6AI score0.02745EPSS
Exploits0References16Affected Software1
UbuntuCve
UbuntuCve
added 2009/12/02 4:30 p.m.20 views

CVE-2009-4151

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a relate...

5.8CVSS5.8AI score0.01838EPSS
Exploits0References2
CVE
CVE
added 2009/12/02 4:0 p.m.64 views

CVE-2009-3585

CVE-2009-3585 concerns a session fixation vulnerability in Best Practical Solutions RT 3.0.0–3.6.9 and 3.8.x–3.8.5, in the SetupSessionCookie flow (html/Elements/SetupSessionCookie). The underlying issue allows remote attackers to hijack a user’s web session by manipulating the session identifier...

5.8CVSS6.2AI score0.02745EPSS
Exploits0References16Affected Software1
Cvelist
Cvelist
added 2009/12/02 4:0 p.m.21 views

CVE-2009-3585

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same doma...

6.3AI score0.02745EPSS
Exploits0References16
Prion
Prion
added 2009/11/13 3:30 p.m.18 views

Cross site scripting

McAfee IntruShield Network Security Manager NSM before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting XSS vulnerability...

4.3CVSS6.1AI score0.04038EPSS
Exploits3References9Affected Software1
RedHat Linux
RedHat Linux
added 2009/11/09 3:37 p.m.7 views

Improve cookie parsing for tomcat5

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle 1 double quote " characters or 2 %5C encoded backslash sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable...

5CVSS6AI score0.62575EPSS
Exploits5References4
OpenVAS
OpenVAS
added 2009/03/06 12:0 a.m.40 views

RedHat Update for php RHSA-2008:0544-01

Check for the Version of php OpenVAS Vulnerability Test RedHat Update for php RHSA-2008:0544-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

10CVSS9AI score0.04696EPSS
Exploits3References2
Rows per page
Query Builder