Lucene search
K

29 matches found

Debian CVE
Debian CVE
added 2017/12/20 5:0 p.m.43 views

CVE-2017-17476

Open Ticket Request System OTRS 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email...

8.8CVSS8.7AI score0.02223EPSS
Exploits0
Cvelist
Cvelist
added 2015/12/07 8:0 p.m.24 views

CVE-2015-8124

Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id...

6.2AI score0.02712EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2014/09/17 12:0 a.m.29 views

Ubuntu 14.04 LTS : Django vulnerabilities (USN-2347-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2347-1 advisory. Florian Apolloner discovered that Django incorrectly validated URLs. A remote attacker could use this issue to conduct phishing attacks. CVE-2014-0480...

6CVSS5.6AI score0.02449EPSS
Exploits1References5
Prion
Prion
added 2014/09/10 10:55 a.m.15 views

Session fixation

Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors...

6.8CVSS7AI score0.01335EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/09/05 5:0 p.m.19 views

CVE-2014-3909

Session fixation vulnerability in Falcon WisePoint 4.1.19.7 and earlier allows remote attackers to hijack web sessions via unspecified vectors...

6.7AI score0.01295EPSS
Exploits0References3
CVE
CVE
added 2014/09/05 5:0 p.m.43 views

CVE-2014-3909

CVE-2014-3909 describes a session-fixation vulnerability in WisePoint (Falcon System Consulting) versions 4.1.19.7 and earlier. The issue allows an attacker to hijack or impersonate a logged-in user through unspecified vectors targeting web sessions. Affected component: WisePoint software; root c...

6.8CVSS6.9AI score0.01295EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2014/06/02 3:0 p.m.57 views

CVE-2013-7387

CVE-2013-7387 affects DataLife Engine (DLE) 9.7 and earlier . The vulnerability is a session fixation flaw allowing remote attackers to hijack web sessions via the PHPSESSID cookie. The connected documents specify the affected product/version and the attack vector but do not provide concrete reme...

6.8CVSS6.9AI score0.04955EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2014/04/01 6:28 a.m.19 views

Session fixation

Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors...

7.5CVSS7.2AI score0.01231EPSS
Exploits1References1Affected Software1
UbuntuCve
UbuntuCve
added 2014/03/14 4:55 p.m.24 views

CVE-2014-2047

Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors...

6.8CVSS5.9AI score0.0129EPSS
Exploits0References2
Cvelist
Cvelist
added 2012/11/18 9:0 p.m.27 views

CVE-2012-4937

Session fixation vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack web sessions via a jsessionid cookie...

6.6AI score0.0242EPSS
Exploits0References4
Prion
Prion
added 2012/09/08 10:28 a.m.16 views

Code injection

HP Business Availability Center BAC 8.07 allows remote authenticated users to hijack web sessions via unspecified vectors...

4.6CVSS6.8AI score0.01065EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2011/09/17 10:0 a.m.25 views

CVE-2011-3424

Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to hijack web sessions via unspecified...

6.8AI score0.01284EPSS
Exploits0References7
CVE
CVE
added 2009/10/09 2:18 p.m.44 views

CVE-2009-3657

CVE-2009-3657 describes a session fixation vulnerability in the Drupal-related module “Shared Sign-On” versions 5.x and 6.x. The issue allows remote attackers to hijack user sessions via unspecified vectors, as noted in the NVD entry and related records. The vulnerability is characterized as a se...

5.8CVSS6.7AI score0.01087EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2009/08/05 7:30 p.m.25 views

Information disclosure

The proxy mechanism implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted 1 applets and 2 Java Web Start applications, which allows remote attackers to hijack web sessions...

7.5CVSS6.6AI score0.04564EPSS
Exploits0References31Affected Software2
Prion
Prion
added 2009/03/31 5:30 p.m.22 views

Session fixation

Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page...

6.8CVSS7.2AI score0.01524EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2009/03/31 5:0 p.m.29 views

CVE-2008-6569

Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page...

6.7AI score0.01524EPSS
Exploits0References8
NVD
NVD
added 2009/03/13 10:30 a.m.15 views

CVE-2008-6455

Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

6.8CVSS6.4AI score0.01219EPSS
Exploits0References4
Cvelist
Cvelist
added 2009/03/13 10:0 a.m.17 views

CVE-2008-6455

Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

6.4AI score0.01219EPSS
Exploits0References4
NVD
NVD
added 2009/02/13 6:30 p.m.14 views

CVE-2008-6128

Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter...

6.8CVSS6.7AI score0.01256EPSS
Exploits0References5
NVD
NVD
added 2009/02/03 11:30 a.m.18 views

CVE-2008-6039

Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter...

6.8CVSS6.7AI score0.02062EPSS
Exploits1References5
Rows per page
Query Builder