Lucene search
K

472 matches found

ATTACKERKB
ATTACKERKB
added 2009/02/03 11:30 a.m.3 views

CVE-2008-6039

Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter...

6.8CVSS5.8AI score0.02062EPSS
Exploits1References6
securityvulns
securityvulns
added 2009/01/28 12:0 a.m.67 views

[HACKATTACK Advisory 25012009]ConPresso CMS 4.07 - Session Fixation, XFS, XSS

HACKATTACK Advisory 25012009ConPresso CMS 4.07 - Session Fixation, XFS, XSS Details Product: ConPresso CMS 4.07 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.conpresso.de/ Vendor-Status: informed Advisory-Status: not yet published Credits Discovered by: David Vieira-Kurz...

0.5AI score
Exploits0
RedHat Linux
RedHat Linux
added 2008/07/16 9:55 a.m.57 views

Moderate: Red Hat Security Advisory: php security and bug fix update

Updated php packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...

10CVSS7.3AI score0.04696EPSS
Exploits3References8
RedHat Linux
RedHat Linux
added 2008/07/16 9:36 a.m.8 views

php session ID leakage

The outputaddrewritevar function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a loca...

4.3CVSS5.9AI score0.03393EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2008/06/30 3:33 p.m.7 views

tomcat handling of cookie values

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks...

4.3CVSS5.8AI score0.16944EPSS
Exploits4References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.6 views

Aipo session fixation vulnerability

Overview Aipo, groupware from Aimluck, Inc., contains a session fixation vulnerability. Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-blogging. Aipo contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user log...

5.8CVSS6.7AI score0.00821EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2008/04/28 9:15 a.m.6 views

tomcat handling of cookies

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes "'" as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks...

4.3CVSS5.8AI score0.37497EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/11/26 1:56 p.m.8 views

tomcat handling of cookies

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes "'" as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks...

4.3CVSS5.8AI score0.37497EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/10/25 5:33 p.m.5 views

php cross-site cookie insertion

The sessionstart function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from 1 PATHINFO, 2 the sessionid function, and 3 the sessionstart function, which...

5CVSS6AI score0.07919EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2007/10/23 3:54 p.m.6 views

php cross-site cookie insertion

The sessionstart function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from 1 PATHINFO, 2 the sessionid function, and 3 the sessionstart function, which...

4.3CVSS6AI score0.07919EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2007/09/20 1:10 p.m.5 views

php cross-site cookie insertion

The sessionstart function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from 1 PATHINFO, 2 the sessionid function, and 3 the sessionstart function, which...

4.3CVSS6AI score0.07919EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2007/05/30 12:0 a.m.27 views

mlf17-sql.txt

!/usr/bin/perl -w My Little Forum = 1.7 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code user.php: if isset$GET'id' $id = $GET'id'; switch $action case "get userdata": if empty$id $id = $userid; else $result =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2007/05/25 12:0 a.m.27 views

My Little Forum 1.7 - 'user.php?id' SQL Injection

!/usr/bin/perl -w My Little Forum = 1.7 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code user.php: if isset$GET'id' $id = $GET'id'; switch $action case "get userdata": if empty$id $id = $userid; else $result =...

7.4AI score
Exploits0
0day.today
0day.today
added 2007/05/23 12:0 a.m.39 views

Dokeos <= 1.8.0 (my_progress.php course) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ===================================================================== Dokeos = 1.8.0 myprogress.php course Remote SQL Injection Exploit ===================================================================== !/usr/bin/perl -w Dokeos = 1.8.0...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2007/04/08 12:0 a.m.50 views

[MajorSecurity Advisory #42]webblizzard CMS - Cross Site Scripting and Session fixation Issues

MajorSecurity Advisory 42webblizzard CMS - Cross Site Scripting and Session fixation Issues Details ======= Product: webblizzard CMS Remote-Exploit: yes Vendor-URL: http://www.webblizzard.de/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/03/28 12:0 a.m.26 views

Yahoo Messenger information leak

Web mail authentication response reply with session identifier is saved in browser cache...

2AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2007/03/20 8:19 p.m.21 views

CVE-2007-1522

Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an...

6.8CVSS6.6AI score0.06612EPSS
Exploits1References1
NVD
NVD
added 2007/03/20 8:19 p.m.18 views

CVE-2007-1522

Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an...

6.8CVSS7.7AI score0.06612EPSS
Exploits1References6
CVE
CVE
added 2007/03/20 8:0 p.m.71 views

CVE-2007-1522

CVE-2007-1522 describes a double-free vulnerability in PHP’s session extension affecting PHP 5.2.0 and 5.2.1. The issue arises when an internal session storage module rejects illegal characters in a session identifier but calls the session identifier generator with an improper environment, causin...

6.8CVSS8AI score0.06612EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2007/02/08 6:28 p.m.14 views

Authentication flaw

admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1...

7.5CVSS7.4AI score0.06426EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder