36 matches found
CVE-2021-26098
An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs...
CVE-2020-5801
An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affect...
Rockwell Automation FactoryTalk Linx Code Issue Vulnerability
Rockwell Automation FactoryTalk Linx is a set of industrial communication solutions from Rockwell Rockwell Automation. The product is primarily used to communicate between small applications and large automation systems, among others. A security vulnerability exists in FactoryTalk Linx, which can...
PT-2020-13440 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.10 GitLab versions prior to 13.2.8 GitLab versions prior to 13.3.4 Description: A vulnerability was discovered where the revocation feature was not revoking all session tokens, allowing them to be re-used to obta...
Authorization Bypass
centreon/centreon is vulnerable to authorization bypass. The call of services macros can be performed without a valid session...
CVE-2019-10940
A vulnerability has been identified in SINEMA Server All versions V14.0 SP2 Update 1. Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability...
The vulnerability of the “Valid Session” component in the Oracle Reports Developer reporting software allows a perpetrator to gain access to protected information.
The vulnerability of the “Valid Session” component in the Oracle Reports Developer software relates to insufficient access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...
IBM Integration Bus Session Hijacking Vulnerability
IBM Integration Bus formerly known as IBM WebSphere Message Broker is an enterprise service bus ESB product from IBM. The product provides connectivity and common data transformations for Service Oriented Architecture SOA environments and non-SOA environments. A session hijacking vulnerability...
CVE-2017-1693
IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs:...
Zammad Cross-Site Request Forgery Vulnerability
Zammad is a web-based, open-source helpdesk/customer support system from the German company Zammad, with many features to manage customer communication through multiple channels such as phone calls. Zammad suffers from a cross-site request forgery vulnerability. An attacker could use this...
Ubiquiti Inc.: Weak credentials for nutty.ubnt.com
nutty.ubnt.com has a login link, when clicking on it the user is presented with a login form. using 'admin' for both username and password results in valid session. this account allow for the upload of arbitrary files. I am checking to see if this will allow for further functionality like a websh...
PHP File Manager 'phpfm.php' Authentication Bypass Vulnerability
PHP File Manager is a suite of applications for managing web sites using PHP scripts. An authentication bypass vulnerability exists in PHP File Manager. An attacker can exploit this vulnerability to obtain a valid session and execute shell commands using restricted functionality...
ovirt-engine: cross-site request forgery (CSRF)
A Cross-Site Request Forgery CSRF flaw was found in the oVirt REST API. A remote attacker could provide a specially crafted web page that, when visited by a user with a valid REST API session, would allow the attacker to trigger calls to the oVirt REST API...
Centreon SQL and Command Injection
This module exploits several vulnerabilities on Centreon 2.5.1 and prior and Centreon Enterprise Server 2.2 and prior. Due to a combination of SQL injection and command injection in the displayServiceStatus.php component, it is possible to execute arbitrary commands as long as there is a valid...
Oracle Fusion Middleware 10.1.210.1.3 - BPEL Console Cross-Site Scripting
Oracle Fusion Middleware 10.1.210.1.3 - BPEL Console Cross-Site Scripting source: https://www.securityfocus.com/bid/43954/info Oracle Fusion Middleware is prone to a cross-site scripting vulnerability in BPEL Console. The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to...