
36 matches found

Source: NVD (added 2026/05/15 7:17 p.m., 18 views)

CVE-2026-46367

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl that allows authenticated users to inject JavaScript via malformed URLs in comments. Attackers can craft URLs with unescaped quotes to inject event handlers, stealing admin session cookies and achieving...

CVSS 8.3 | EPSS 0.00215
Exploits: 0 | References: 2
Source: AttackerKB (added 2026/05/15 5:05 p.m., 7 views)

CVE-2026-42155

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

CVSS 9.3 | AI score 5.9 | EPSS 0.00267
Exploits: 0 | References: 2 | Affected software: 1
Source: Prion (added 2020/09/18 9:15 p.m., 37 views)

Design/Logic Flaw

Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...

CVSS 5.8 | AI score 7.1 | EPSS 0.05093
Exploits: 0 | References: 6 | Affected software: 3
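The desync the entry above describes comes from two parsers in the request path framing the same bytes differently, most commonly one honouring Content-Length while the other honours Transfer-Encoding. The following is an added illustration written for this page; it is not the Node.js parser, does not reproduce the specific Node.js bug, and the request stream it parses is constructed. It frames one constructed CL.TE stream under three policies: Content-Length first, Transfer-Encoding first, and the strict RFC 7230 rule of refusing requests that carry both headers.

```python
CRLF = b"\r\n"


def parse_head(stream):
    """Split one request head off `stream`: returns (request_line, headers, rest).
    Header names are lower-cased; repeated headers keep every value."""
    idx = stream.find(CRLF + CRLF)
    if idx < 0:
        raise ValueError("incomplete request head")
    head, rest = stream[:idx], stream[idx + 4:]
    lines = head.split(CRLF)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers.setdefault(name.strip().lower().decode(), []).append(value.strip().decode())
    return lines[0].decode(), headers, rest


def read_chunked(data):
    """Decode a chunked body: returns (payload, bytes left after the last-chunk)."""
    payload, pos = b"", 0
    while True:
        end = data.find(CRLF, pos)
        if end < 0:
            raise ValueError("truncated chunk-size line")
        size = int(data[pos:end].split(b";")[0], 16)   # chunk extensions are ignored
        pos = end + 2
        if size == 0:
            if data[pos:pos + 2] != CRLF:
                raise ValueError("trailers are not supported here")
            return payload, data[pos + 2:]
        payload += data[pos:pos + size]
        pos += size
        if data[pos:pos + 2] != CRLF:
            raise ValueError("chunk data not followed by CRLF")
        pos += 2


def split_requests(stream, policy):
    """Frame every request in `stream` the way a parser with the given policy would.

    policy = "content-length":    honour Content-Length even if Transfer-Encoding is present
             "transfer-encoding": honour Transfer-Encoding even if Content-Length is present
             "strict":            refuse ambiguous framing (RFC 7230 section 3.3.3)
    Returns a list of (request_line, body) pairs.
    """
    requests = []
    while stream:
        line, headers, rest = parse_head(stream)
        cl = headers.get("content-length")
        te = headers.get("transfer-encoding")
        if policy == "strict":
            if cl and te:
                raise ValueError("both Content-Length and Transfer-Encoding present: rejecting")
            if te and [v.lower() for v in te] != ["chunked"]:
                raise ValueError("unsupported Transfer-Encoding: %r" % te)
            if cl and len(set(cl)) != 1:
                raise ValueError("conflicting Content-Length values: %r" % cl)
        if cl and (policy == "content-length" or not te):
            n = int(cl[0])
            if len(rest) < n:
                raise ValueError("body shorter than Content-Length")
            body, stream = rest[:n], rest[n:]
        elif te:
            body, stream = read_chunked(rest)
        else:
            body, stream = b"", rest          # no body (e.g. a plain GET)
        requests.append((line, body))
    return requests


# Constructed CL.TE sample. A front end framing by Content-Length forwards one POST whose
# body happens to contain a GET; a back end framing by Transfer-Encoding ends the POST at
# the 0-chunk and parses the leftover bytes as a second request for /admin.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: app.example\r\n\r\n"
BODY = b"0\r\n\r\n" + SMUGGLED
CL_TE_STREAM = (b"POST / HTTP/1.1\r\nHost: app.example\r\nContent-Length: %d\r\n"
                b"Transfer-Encoding: chunked\r\n\r\n" % len(BODY)) + BODY


def framing_disagreement(stream):
    """Request lines seen under the two lenient policies, side by side."""
    return ([r[0] for r in split_requests(stream, "content-length")],
            [r[0] for r in split_requests(stream, "transfer-encoding")])


if __name__ == "__main__":
    print(framing_disagreement(CL_TE_STREAM))
    try:
        split_requests(CL_TE_STREAM, "strict")
    except ValueError as err:
        print("strict parser:", err)
```

The practical check this suggests for any proxy-plus-origin deployment: send a request with both headers through the whole chain and confirm that exactly one component accepts it and the rest reject it, or better, that the edge rejects it outright.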
Source: Debian CVE (added 2017/12/20 5:00 p.m., 23 views)

CVE-2017-17476

Open Ticket Request System OTRS 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email...

CVSS 8.8 | AI score 8.7 | EPSS 0.02223
Exploits: 0
Source: Tenable Nessus (added 2016/08/29 12:00 a.m., 85 views)

F5 Networks BIG-IP : Linux TCP stack vulnerability (K46514822)

net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack. CVE-2016-5696 © Tenable Network Security, Inc. The descriptive text and...

CVSS 5.8 | AI score 6.9 | EPSS 0.15073
Exploits: 3 | References: 3
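The side channel behind the entry above is that the challenge-ACK budget was shared by every socket on the host, so an off-path attacker could learn whether a spoofed packet aimed at someone else's connection consumed a challenge ACK by counting the replies on its own connection. The following is an added toy model written for this page, not kernel code and not an exploit: the stack, the budget and the connections are simulated in-process, the attacker is assumed to already know the victim's 4-tuple and window size, and the mitigation is modelled as giving each socket its own budget (the actual 4.7 fix randomised the shared limit; per-socket limits came later).

```python
import random

SEQ_SPACE = 1 << 32


class ToyTcpStack:
    """Toy model of RFC 5961 challenge-ACK handling in the receiving host.

    shared_limit=True models the pre-4.7 behaviour behind CVE-2016-5696: one
    per-second budget (sysctl tcp_challenge_ack_limit, default 100) that every
    socket on the host draws from. shared_limit=False gives each socket its own
    budget, so activity on the attacker's connection no longer reflects what
    happened on the victim's.
    """

    def __init__(self, shared_limit=True, limit=100):
        self.shared_limit = shared_limit
        self.limit = limit
        self.sockets = {}      # name -> (rcv_nxt, window) of an ESTABLISHED connection
        self.new_second()

    def new_second(self):
        """Budgets reset every second; the attacker paces its rounds accordingly."""
        self.used = {}

    def receive_rst(self, sock, seq):
        """Deliver a RST carrying `seq` to `sock`. Returns True if the stack answered
        with a challenge ACK, False if the packet was dropped silently."""
        rcv_nxt, window = self.sockets[sock]
        offset = (seq - rcv_nxt) % SEQ_SPACE
        if offset == 0:
            raise RuntimeError("RST with seq == rcv_nxt: the connection would be torn down")
        if offset >= window:
            return False                       # out of window: dropped, no reply
        key = "global" if self.shared_limit else sock
        if self.used.get(key, 0) >= self.limit:
            return False                       # budget exhausted: dropped
        self.used[key] = self.used.get(key, 0) + 1
        return True


def probe(stack, victim, guess, attacker, attacker_seq):
    """One round of the side channel. The spoofed RST is aimed at the victim's
    connection; being off-path, the attacker never sees its reply. The attacker then
    forces `limit` challenge ACKs on its own connection and counts the replies it
    does see: fewer than `limit` means the spoofed packet already consumed one,
    i.e. `guess` fell inside the victim's receive window."""
    stack.new_second()
    stack.receive_rst(victim, guess % SEQ_SPACE)
    seen = sum(stack.receive_rst(attacker, attacker_seq) for _ in range(stack.limit))
    return seen < stack.limit


def infer_rcv_nxt(stack, victim, attacker, attacker_seq, window):
    """Recover the victim connection's rcv_nxt, assuming `window` is known.

    Phase 1 strides through the 32-bit space in window-sized steps until a probe
    lands in the window; phase 2 binary-searches the window's right edge. Searching
    the right edge rather than the left keeps every probe strictly above rcv_nxt,
    so no probe can hit the exact value and reset the connection.
    Returns None when the side channel carries no signal."""
    hit = next((g for g in range(0, SEQ_SPACE, window)
                if probe(stack, victim, g, attacker, attacker_seq)), None)
    if hit is None:
        return None
    lo, hi = hit, hit + window                 # lo in window, hi past its right edge
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if probe(stack, victim, mid, attacker, attacker_seq):
            lo = mid
        else:
            hi = mid
    return (lo - window + 1) % SEQ_SPACE


def demo(shared_limit, secret_rcv_nxt, window=1 << 20):
    """Set up a victim connection with a secret rcv_nxt and run the inference."""
    stack = ToyTcpStack(shared_limit=shared_limit)
    stack.sockets["victim"] = (secret_rcv_nxt, window)
    stack.sockets["attacker"] = (1000, window)   # the attacker knows its own numbers
    return infer_rcv_nxt(stack, "victim", "attacker", 1001, window)


if __name__ == "__main__":
    secret = random.randrange(SEQ_SPACE)
    print("secret rcv_nxt:", hex(secret))
    print("shared budget, inferred:", demo(True, secret))
    print("per-socket budget, inferred:", demo(False, secret))
```

On a live Linux host the shared limit is still visible as `sysctl net.ipv4.tcp_challenge_ack_limit`; the point of the model is that its value matters only while one counter is shared across connections.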
Source: Cvelist (added 2015/12/07 8:00 p.m., 22 views)

CVE-2015-8124

Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id...

AI score 6.2 | EPSS 0.02712
Exploits: 1 | References: 7
Source: NVD (added 2014/11/28 2:59 a.m., 15 views)

CVE-2014-4831

IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors...

CVSS 5.8 | AI score 6.5 | EPSS 0.00991
Exploits: 0 | References: 2
Source: Tenable Nessus (added 2014/09/17 12:00 a.m., 28 views)

Ubuntu 14.04 LTS : Django vulnerabilities (USN-2347-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2347-1 advisory. Florian Apolloner discovered that Django incorrectly validated URLs. A remote attacker could use this issue to conduct phishing attacks. CVE-2014-0480...

CVSS 6 | AI score 5.6 | EPSS 0.02449
Exploits: 1 | References: 5
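The URL-validation class of bug in the Django entry above is an open redirect: a "next" parameter that passes a naive "starts with /" check but lands on a foreign host, which is exactly what a phishing page needs. The validator below is an added example for this page, not Django's is_safe_url(); the allowed-host set and the test URLs are assumptions chosen to exercise the forms browsers resolve off-site.

```python
from urllib.parse import urlsplit


def is_safe_redirect(url, allowed_hosts):
    """Return True only if redirecting to `url` keeps the user on one of `allowed_hosts`.

    Besides absolute URLs to foreign hosts, this rejects the forms that defeat a
    naive "starts with /" check:
      //evil.example                 scheme-relative; the browser fills in the scheme
      /\\evil.example, \\\\evil.example  backslashes that browsers normalise to slashes
      ///evil.example                also treated as scheme-relative by browsers
      http:evil.example              a scheme with no host, too ambiguous to allow
      javascript:...                 non-http(s) schemes
      http://app.example@evil.example/  userinfo dressed up as the trusted host
    """
    if not url:
        return False
    url = url.strip()
    # Browsers treat a backslash as a forward slash; normalise before parsing so
    # that "\\evil" is recognised as the scheme-relative "//evil".
    url = url.replace("\\", "/")
    if url.startswith("///"):
        return False          # urlsplit would see an empty netloc and a path here
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False
    if not parts.netloc:
        # A plain path such as "/account?x=1" stays on this origin; a bare scheme does not.
        return not parts.scheme
    return parts.hostname in {h.lower() for h in allowed_hosts}


if __name__ == "__main__":
    allowed = {"app.example"}                      # assumed trusted host
    for candidate in ("/account", "//evil.example/", "\\\\evil.example",
                      "https://app.example/dash", "http://app.example@evil.example/",
                      "javascript:alert(1)"):
        print("%-40r -> %s" % (candidate, is_safe_redirect(candidate, allowed)))
```

Note that the host comparison uses `hostname`, which strips userinfo and port, so `http://app.example@evil.example/` compares as `evil.example` rather than matching the trusted name by prefix.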
Source: Prion (added 2014/09/10 10:55 a.m., 15 views)

Session fixation

Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors...

CVSS 6.8 | AI score 7 | EPSS 0.01335
Exploits: 0 | References: 3 | Affected software: 1
Source: CVE (added 2014/09/05 5:00 p.m., 43 views)

CVE-2014-3909

CVE-2014-3909 describes a session-fixation vulnerability in WisePoint (Falcon System Consulting) versions 4.1.19.7 and earlier. The issue allows an attacker to hijack or impersonate a logged-in user through unspecified vectors targeting web sessions. Affected component: WisePoint software; root c...

CVSS 6.8 | AI score 6.9 | EPSS 0.01295
Exploits: 0 | References: 3 | Affected software: 1
Source: Cvelist (added 2014/09/05 5:00 p.m., 18 views)

CVE-2014-3909

Session fixation vulnerability in Falcon WisePoint 4.1.19.7 and earlier allows remote attackers to hijack web sessions via unspecified vectors...

AI score 6.7 | EPSS 0.01295
Exploits: 0 | References: 3
Source: CVE (added 2014/06/02 3:00 p.m., 57 views)

CVE-2013-7387

CVE-2013-7387 affects DataLife Engine (DLE) 9.7 and earlier. The vulnerability is a session fixation flaw allowing remote attackers to hijack web sessions via the PHPSESSID cookie. The connected documents specify the affected product/version and the attack vector but do not provide concrete reme...

CVSS 6.8 | AI score 6.9 | EPSS 0.04955
Exploits: 1 | References: 3 | Affected software: 1
Source: Prion (added 2014/04/01 6:28 a.m., 19 views)

Session fixation

Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors...

CVSS 7.5 | AI score 7.2 | EPSS 0.01231
Exploits: 1 | References: 1 | Affected software: 1
Source: UbuntuCve (added 2014/03/14 4:55 p.m., 23 views)

CVE-2014-2047

Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors...

CVSS 6.8 | AI score 5.9 | EPSS 0.0129
Exploits: 0 | References: 2
Source: Prion (added 2013/10/02 10:55 p.m., 17 views)

Design/Logic Flaw

IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via unspecified vectors...

CVSS 5.8 | AI score 6.9 | EPSS 0.01168
Exploits: 0 | References: 3 | Affected software: 1
Source: Cvelist (added 2012/11/18 9:00 p.m., 25 views)

CVE-2012-4937

Session fixation vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack web sessions via a jsessionid cookie...

AI score 6.6 | EPSS 0.0242
Exploits: 0 | References: 4
Source: Prion (added 2012/09/08 10:28 a.m., 16 views)

Code injection

HP Business Availability Center BAC 8.07 allows remote authenticated users to hijack web sessions via unspecified vectors...

CVSS 4.6 | AI score 6.8 | EPSS 0.01065
Exploits: 0 | References: 2 | Affected software: 1
Source: Cvelist (added 2011/09/17 10:00 a.m., 25 views)

CVE-2011-3424

Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to hijack web sessions via unspecified...

AI score 6.8 | EPSS 0.01284
Exploits: 0 | References: 7
Source: Exploit DB (added 2009/12/19 12:00 a.m., 31 views)

Barracuda Web Firewall 660 Firmware 7.3.1.007 - Multiple Vulnerabilities

Pentest Information: GESEC Team discovered an input validation vulnerability on the Barracuda Web Application Firewall 660 appliance. A remote attacker is able to hijack sensitive customer sessions or can implement script routines & malicious code server-side (persistent)...

AI score 7.4
Exploits: 0
Source: CVE (added 2009/10/09 2:18 p.m., 43 views)

CVE-2009-3657

CVE-2009-3657 describes a session fixation vulnerability in the Drupal-related module "Shared Sign-On" versions 5.x and 6.x. The issue allows remote attackers to hijack user sessions via unspecified vectors, as noted in the NVD entry and related records. The vulnerability is characterized as a se...

CVSS 5.8 | AI score 6.7 | EPSS 0.01087
Exploits: 0 | References: 3 | Affected software: 1
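Most of the entries in this list (Symfony, DLE, ownCloud, Pattern Insight, TIBCO, EMC, IBM Initiate, WisePoint, Shared Sign-On) are the same flaw: the session identifier a user had before authenticating is still valid afterwards, and the server will adopt an identifier the client presents, sometimes even from the URL. The store below is an added example written for this page, not code from any of those projects; the session ids it forges and the "victim" account are constructed. It runs the same fixation attack against a lenient store and against one that only accepts ids it issued, only from the cookie, and rotates the id at login. The hardened store also generates ids from the OS CSPRNG, which is the fix for the time-based id in the Magento LTS entry.

```python
import secrets


class SessionStore:
    """Minimal server-side session store with two behaviours selected by `hardened`.

    hardened=False reproduces the two mistakes behind the session fixation entries:
      * any identifier the client presents is adopted, even one the server never
        issued or one carried in the URL (PHP use_trans_sid, or ownCloud accepting
        session parameters via GET);
      * the identifier survives login, so the pre-authentication id the attacker
        planted becomes an authenticated one.
    hardened=True accepts only ids it issued itself, only from the cookie, and
    issues a fresh id whenever the privilege level changes.
    """

    def __init__(self, hardened):
        self.hardened = hardened
        self._sessions = {}     # session id -> {"user": username or None}

    def new_session(self):
        # 256 bits from the OS CSPRNG; never derive ids from time or counters.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def session_for(self, sid, source="cookie"):
        """Look up the session behind a client-presented id. `source` is where
        the id arrived: "cookie" or "url"."""
        if self.hardened:
            if source != "cookie" or sid not in self._sessions:
                return None     # strict mode: unknown or URL-borne ids are not sessions
            return self._sessions[sid]
        return self._sessions.setdefault(sid, {"user": None})   # lenient: adopt anything

    def login(self, presented_sid, user, source="cookie"):
        """Authenticate `user` on the presented session; returns the id the client
        should use from now on."""
        session = self.session_for(presented_sid, source)
        if not self.hardened:
            session["user"] = user          # same id before and after login: fixable
            return presented_sid
        # Hardened: discard whatever was presented and bind the user to a new id.
        self._sessions.pop(presented_sid, None)
        new_sid = self.new_session()
        self._sessions[new_sid]["user"] = user
        return new_sid

    def user_for(self, sid):
        return self._sessions.get(sid, {}).get("user")


def fixation_attack(store, planted_sid, source):
    """Session fixation end to end: the attacker plants `planted_sid` on the victim
    (a link carrying the id, or an injected cookie), the victim logs in with it,
    and the attacker then presents the same id. Returns the user the attacker is
    now logged in as; None means the attack failed."""
    store.login(planted_sid, "victim", source)
    return store.user_for(planted_sid)


if __name__ == "__main__":
    for hardened in (False, True):
        store = SessionStore(hardened)
        forged = "attacker-chosen-id"        # never issued by the server
        issued = store.new_session()          # the attacker's own legitimate session
        print("hardened=%s forged id via URL -> %r, issued id via cookie -> %r" % (
            hardened, fixation_attack(store, forged, "url"),
            fixation_attack(store, issued, "cookie")))
```

The two checks worth running against a real application follow directly from the model: log in with a cookie value the server never issued and see whether it is honoured, and compare the session cookie before and after login to confirm it changed.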