29 matches found
CVE-2017-17476
Open Ticket Request System OTRS 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email...
CVE-2015-8124
Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id...
Ubuntu 14.04 LTS : Django vulnerabilities (USN-2347-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2347-1 advisory. Florian Apolloner discovered that Django incorrectly validated URLs. A remote attacker could use this issue to conduct phishing attacks. CVE-2014-0480...
Session fixation
Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors...
CVE-2014-3909
Session fixation vulnerability in Falcon WisePoint 4.1.19.7 and earlier allows remote attackers to hijack web sessions via unspecified vectors...
CVE-2014-3909
CVE-2014-3909 describes a session-fixation vulnerability in WisePoint (Falcon System Consulting) versions 4.1.19.7 and earlier. The issue allows an attacker to hijack or impersonate a logged-in user through unspecified vectors targeting web sessions. Affected component: WisePoint software; root c...
CVE-2013-7387
CVE-2013-7387 affects DataLife Engine (DLE) 9.7 and earlier . The vulnerability is a session fixation flaw allowing remote attackers to hijack web sessions via the PHPSESSID cookie. The connected documents specify the affected product/version and the attack vector but do not provide concrete reme...
Session fixation
Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors...
CVE-2014-2047
Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors...
CVE-2012-4937
Session fixation vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack web sessions via a jsessionid cookie...
Code injection
HP Business Availability Center BAC 8.07 allows remote authenticated users to hijack web sessions via unspecified vectors...
CVE-2011-3424
Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to hijack web sessions via unspecified...
CVE-2009-3657
CVE-2009-3657 describes a session fixation vulnerability in the Drupal-related module “Shared Sign-On” versions 5.x and 6.x. The issue allows remote attackers to hijack user sessions via unspecified vectors, as noted in the NVD entry and related records. The vulnerability is characterized as a se...
Information disclosure
The proxy mechanism implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted 1 applets and 2 Java Web Start applications, which allows remote attackers to hijack web sessions...
Session fixation
Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page...
CVE-2008-6569
Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page...
CVE-2008-6455
Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-6455
Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-6128
Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter...
CVE-2008-6039
Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter...