Lucene search
K

431 matches found

Cvelist
Cvelist
added 2009/07/08 3:0 p.m.23 views

CVE-2009-2367

cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the sessionid parameter...

9.6AI score0.23195EPSS
Exploits3References4
CVE
CVE
added 2009/07/08 3:0 p.m.71 views

CVE-2009-2367

The CVE-2009-2367 entry concerns the Iomega StorCenter Pro NAS web interface (cgi-bin/makecgi-pro) generating predictable session IDs. The Connected documents confirm exploitability via brute-force guessing of the session_id parameter to hijack active sessions and gain administrative access. A Me...

9.8CVSS9.4AI score0.23195EPSS
Exploits3References4Affected Software1
Positive Technologies
Positive Technologies
added 2009/07/08 12:0 a.m.8 views

PT-2009-4796 · Iomega · Iomega Storcenter Pro

Name of the Vulnerable Software and Affected Versions: Iomega StorCenter Pro affected versions not specified Description: The issue allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session id parameter in the "cgi-bin/makecgi-pro"...

9.8CVSS9.3AI score0.23195EPSS
Exploits3References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/06/18 8:53 a.m.3 views

Predictable session ID vulnerability in Serene Bach

Overview Serene Bach from SerendipityNZ Limited contains a vulnerability in which it generates predictable session ID's. Serene Bach from SerendipityNZ Limited is a weblog management system. Serene Bach contains a vulnerability in which it generates predictable session ID's. Impact A remote...

7.5CVSS6.5AI score0.01402EPSS
Exploits0References8
OSV
OSV
added 2009/05/14 5:30 p.m.6 views

CVE-2009-1629

ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to 1 hijack a session or 2 cause a denial of service session ID exhaustion via a brute-force attack...

6.3AI score
Exploits0References7
Debian CVE
Debian CVE
added 2009/05/14 5:0 p.m.21 views

CVE-2009-1629

Removed by vendor...

6.8CVSS6.7AI score0.02325EPSS
Exploits1
NVD
NVD
added 2009/01/02 6:11 p.m.16 views

CVE-2008-5810

WBPublish aka WBPublish.exe in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to 1...

10CVSS7.8AI score0.0376EPSS
Exploits0References9
Prion
Prion
added 2009/01/02 6:11 p.m.10 views

Code injection

WBPublish aka WBPublish.exe in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to 1...

10CVSS8.3AI score0.0376EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2008/07/14 6:41 p.m.31 views

CVE-2008-2318

The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs...

5CVSS5.4AI score0.0146EPSS
Exploits1References7
securityvulns
securityvulns
added 2008/06/23 12:0 a.m.37 views

Diigo Toolbar - Global XSS and Information Leakage in SSL URLs

Diigo Toolbar - Global XSS and Information Leakage in SSL URLs == Global XSS == Diigo is http://www.diigo.com/ a social bookmarking and sharing application which allows users to see other users comments and notes for every website. For this feature users should use Diigolet bookmarklet or Diigo...

5.9AI score
Exploits0
NVD
NVD
added 2008/05/16 12:54 p.m.15 views

CVE-2008-2271

The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database...

5CVSS6.5AI score0.02007EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2008/03/26 12:0 a.m.451 views

Web Server Uses Non Random Session IDs

The remote web server generates a session ID for each connection. A session ID is typically used to keep track of a user's actions while they visit a website. The remote server generates non-random session IDs. An attacker might use this flaw to guess the session IDs of other users and therefore...

5.5AI score
Exploits0References1
securityvulns
securityvulns
added 2007/11/30 12:0 a.m.54 views

PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script

PR07-14: Cross-site Scripting XSS / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script Date Found: 19th June 2007 Successfully tested on: version 5.5.2 F5 Networks has confirmed the following versions to be vulnerable: FirePass versions 5.4.1 - 5.5.2 FirePass...

6.3AI score
Exploits0
RedHat Linux
RedHat Linux
added 2007/10/11 6:21 p.m.5 views

tomcat handling of cookie values

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks...

4.3CVSS5.8AI score0.16944EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2006/05/13 12:0 a.m.30 views

FreeBSD : mambo -- multiple vulnerabilities (0bf9d7fb-05b3-11da-bc08-0001020eed82)

A Secunia Advisory reports : Some vulnerabilities have been reported in Mambo, where some have unknown impacts and others can be exploited by malicious people to conduct spoofing and SQL injection attacks. - Input passed to the 'userrating' parameter when voting isn't properly sanitised before...

7.5CVSS6.1AI score0.01323EPSS
Exploits0References2
NVD
NVD
added 2005/09/22 10:3 a.m.17 views

CVE-2005-3042

miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters line feed or carriage return...

7.5CVSS6.8AI score0.04127EPSS
Exploits0References14
Cvelist
Cvelist
added 2005/07/14 4:0 a.m.24 views

CVE-2001-1513

Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' slash, as demonstrated using ctx...

6.6AI score0.01532EPSS
Exploits0References3
Cvelist
Cvelist
added 2005/02/28 5:0 a.m.15 views

CVE-2004-0944

The web management interface for Mitel 3300 Integrated Communications Platform ICP before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie...

6.7AI score0.01373EPSS
Exploits0References3
NVD
NVD
added 2004/02/28 5:0 a.m.10 views

CVE-2004-0944

The web management interface for Mitel 3300 Integrated Communications Platform ICP before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie...

5CVSS6.7AI score0.01373EPSS
Exploits0References3
NVD
NVD
added 2003/12/15 5:0 a.m.21 views

CVE-2003-0945

The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities...

7.5CVSS6.7AI score0.01457EPSS
Exploits1References2
Rows per page
Query Builder