Lucene search
K

36 matches found

Vulnrichment
Vulnrichment
added 2021/08/04 1:20 p.m.13 views

CVE-2021-26098

An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs...

5.3CVSS6.6AI score0.00814EPSS
Exploits0References1
OSV
OSV
added 2020/12/29 4:15 p.m.4 views

CVE-2020-5801

An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affect...

7.5CVSS7.1AI score0.25219EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/12/29 12:0 a.m.7 views

Rockwell Automation FactoryTalk Linx Code Issue Vulnerability

Rockwell Automation FactoryTalk Linx is a set of industrial communication solutions from Rockwell Rockwell Automation. The product is primarily used to communicate between small applications and large automation systems, among others. A security vulnerability exists in FactoryTalk Linx, which can...

7.5CVSS5.8AI score0.25219EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2020/09/14 12:0 a.m.4 views

PT-2020-13440 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.10 GitLab versions prior to 13.2.8 GitLab versions prior to 13.3.4 Description: A vulnerability was discovered where the revocation feature was not revoking all session tokens, allowing them to be re-used to obta...

8.1CVSS7.8AI score0.01225EPSS
Exploits0References11
Veracode
Veracode
added 2020/02/03 8:40 a.m.18 views

Authorization Bypass

centreon/centreon is vulnerable to authorization bypass. The call of services macros can be performed without a valid session...

7.5CVSS2.9AI score0.01771EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2020/01/16 4:15 p.m.5 views

CVE-2019-10940

A vulnerability has been identified in SINEMA Server All versions V14.0 SP2 Update 1. Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability...

9.9CVSS5.8AI score0.01208EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/02/12 12:0 a.m.6 views

The vulnerability of the “Valid Session” component in the Oracle Reports Developer reporting software allows a perpetrator to gain access to protected information.

The vulnerability of the “Valid Session” component in the Oracle Reports Developer software relates to insufficient access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

6.4CVSS6.6AI score0.06466EPSS
Exploits5References3Affected Software1
CNVD
CNVD
added 2018/01/22 12:0 a.m.2 views

IBM Integration Bus Session Hijacking Vulnerability

IBM Integration Bus formerly known as IBM WebSphere Message Broker is an enterprise service bus ESB product from IBM. The product provides connectivity and common data transformations for Service Oriented Architecture SOA environments and non-SOA environments. A session hijacking vulnerability...

6.8CVSS6.7AI score0.00937EPSS
Exploits0References1
OSV
OSV
added 2018/01/19 2:29 p.m.5 views

CVE-2017-1693

IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164...

5.6CVSS5.8AI score0.00937EPSS
Exploits0References3
Prion
Prion
added 2017/11/30 9:29 a.m.16 views

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs:...

3.5CVSS5.3AI score0.00891EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2017/03/14 12:0 a.m.4 views

Zammad Cross-Site Request Forgery Vulnerability

Zammad is a web-based, open-source helpdesk/customer support system from the German company Zammad, with many features to manage customer communication through multiple channels such as phone calls. Zammad suffers from a cross-site request forgery vulnerability. An attacker could use this...

8.8CVSS6.9AI score0.00585EPSS
Exploits0References1
Hacker One
Hacker One
added 2017/02/07 12:27 a.m.15 views

Ubiquiti Inc.: Weak credentials for nutty.ubnt.com

nutty.ubnt.com has a login link, when clicking on it the user is presented with a login form. using 'admin' for both username and password results in valid session. this account allow for the upload of arbitrary files. I am checking to see if this will allow for further functionality like a websh...

2.8AI score
Exploits0
CNVD
CNVD
added 2016/02/08 12:0 a.m.2 views

PHP File Manager 'phpfm.php' Authentication Bypass Vulnerability

PHP File Manager is a suite of applications for managing web sites using PHP scripts. An authentication bypass vulnerability exists in PHP File Manager. An attacker can exploit this vulnerability to obtain a valid session and execute shell commands using restricted functionality...

7.5AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/02/11 5:38 p.m.6 views

ovirt-engine: cross-site request forgery (CSRF)

A Cross-Site Request Forgery CSRF flaw was found in the oVirt REST API. A remote attacker could provide a specially crafted web page that, when visited by a user with a valid REST API session, would allow the attacker to trigger calls to the oVirt REST API...

6.8CVSS5.8AI score0.00644EPSS
Exploits1References4
Metasploit
Metasploit
added 2014/10/07 7:40 p.m.29 views

Centreon SQL and Command Injection

This module exploits several vulnerabilities on Centreon 2.5.1 and prior and Centreon Enterprise Server 2.2 and prior. Due to a combination of SQL injection and command injection in the displayServiceStatus.php component, it is possible to execute arbitrary commands as long as there is a valid...

10CVSS1.4AI score0.80998EPSS
Exploits9
exploitpack
exploitpack
added 2010/10/12 12:0 a.m.21 views

Oracle Fusion Middleware 10.1.210.1.3 - BPEL Console Cross-Site Scripting

Oracle Fusion Middleware 10.1.210.1.3 - BPEL Console Cross-Site Scripting source: https://www.securityfocus.com/bid/43954/info Oracle Fusion Middleware is prone to a cross-site scripting vulnerability in BPEL Console. The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to...

6.8AI score
Exploits0
Rows per page
Query Builder