New User, Welcome!     Login

session fixation

Joomla 1.0.12 CMS - Session fixation Issue in backend Administration interface

====================================================================================
Team Intell Security Advisory TISA2007-03
------------------------------------------------------------------------------------
Joomla 1.0.12 CMS - Session fixation Issue in backend Administration interface
====================================================================================


Release date:    10.08.2007
Severity:        Moderately critical
Remote-Exploit:  yes

Mambo 4.6.2 CMS - Session fixation Issue in backend Administration interface

====================================================================================
Team Intell Security Advisory TISA2007-04
------------------------------------------------------------------------------------
Mambo 4.6.2 CMS - Session fixation Issue in backend Administration interface
====================================================================================


Release date:    01.08.2007
Severity:        Moderately critical
Remote-Exploit:  yes

[DCA-2011-0003]: LMS Web Ensino - Multiple XSS, Session Fixation, CSRF and SQL Injection

- 21/Feb/2011 -> Situation report requested.
- 01/Mar/2011 -> No vendor response.
- 02/Mar/2011 -> Advisory published.

[Bug Summary]
- Session Fixation
- Multiplos Persistent/Stored Cross-Site Scripting (XSS)
- Multiplos Non-Persistent Cross-Site Scripting (XSS)
- Cross Site Request Forgery (CSRF/XSRF)
- Blind SQL Injection (SQLi)

OXID eShop Enterprise: Session Fixation and XSS Vulnerabilities

---------------------------------------------

 OXID eShop Enterprise Edition
 - Session Fixation Vulnerability
 - Stored Cross Site Scripting Vulnerability
 Date: 30.03.2010

---------------------------------------------

- Description

[security bulletin] HPSBMU02692 SSRT100581 rev.2 - HP SiteScope, Remote Cross Site Scripting (XSS) and Session Fixation Attack

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02940969
Version: 2

HPSBMU02692 SSRT100581 rev.2 - HP SiteScope, Remote Cross Site Scripting (XSS) and Session Fixation Attack

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2011-07-27
Last Updated: 2011-07-27

ACROS Security: Session Fixation Vulnerability in WebLogic Administration Console (#2008-03-11-2)

PUBLIC

=========================================================================
ACROS Security Problem Report #2008-03-11-2
-------------------------------------------------------------------------
ASPR #2008-03-11-2: Session Fixation Vulnerability in WebLogic 
                    Administration Console 
=========================================================================

Document ID:     ASPR #2008-03-11-2-PUB
Vendor:          BEA Systems (http://www.bea.com)

Simple PHP Blog (sphpblog) <= 0.5.1 Multiple Vulnerabilities

 Released on:   2007/10/21
   Changelog:   ----------
                                                     L   M   H   T
     Summary:   Ip Spoofing                         [X] [_] [_] [X]
                Cross Site Scripting                [X] [_] [_] [X]
                Session Fixation                    [X] [_] [_] [X]
                mail() CRLF Injection               [X] [_] [_] [_]
                Local File Inclusion (+CSRF)        [_] [X] [_] [X]
                File Deletion (+CSRF)               [_] [X] [_] [X]
                File Upload Vulnerability           [_] [_] [X] [X]
                Code Execution (+CSRF)              [_] [_] [X] [X]

ACROS Security: Session Fixation Vulnerability in WebLogic Administration Console (#2008-03-11-2)

PUBLIC

=========================================================================
ACROS Security Problem Report #2008-03-11-2
-------------------------------------------------------------------------
ASPR #2008-03-11-2: Session Fixation Vulnerability in WebLogic 
                    Administration Console 
=========================================================================

Document ID:     ASPR #2008-03-11-2-PUB
Vendor:          BEA Systems (http://www.bea.com)

[MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues

[MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues

Details
=======
Product: xt:Commerce
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.xtcommerce-shop.com/
Vendor-Status: informed
Advisory-Status: published

[MajorSecurity Advisory #56]moziloWiki - Directory Traversal, XSS and SessionFixation Issues

[MajorSecurity Advisory #56]moziloWiki - Directory Traversal, XSS and SessionFixation Issues

Details
=======
Product: moziloWiki
Security-Risk: High
Remote-Exploit: yes
Vendor-URL: http://www.mozilo.de/
Vendor-Status: informed
Advisory-Status: published

[MajorSecurity Advisory #55]moziloCMS - Directory Traversal, Cross Site Scripting and Session Fixation Issues

[MajorSecurity Advisory #55]moziloCMS - Directory Traversal, Cross Site Scripting and Session Fixation Issues

Details
=======
Product: moziloCMS
Security-Risk: high
Remote-Exploit: yes
Vendor-URL: http://cms.mozilo.de/
Vendor-Status: informed
Advisory-Status: published

[HACKATTACK Advisory 20081203]Pro Clan Manager 0.4.2 - Session Fixation

[HACKATTACK Advisory 20081203]Pro Clan Manager 0.4.2 - Session Fixation

Details
************************
Product: Pro Clan Manager CMS
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.proclanmanager.com/
Vendor-Status: informed
Advisory-Status: not yet published

[HACKATTACK Advisory 20081127]Social Impress CMS 1.1 - Session Fixation

[HACKATTACK Advisory #3]Social Impress CMS 1.1 - Session Fixation

Details
************************
Product: Impress CMS
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.impresscms.info
Vendor-Status: informed
Advisory-Status: not yet published

Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities

                2.4.1. Exploit:
                                                Check the exploit/POC section.
        2.6. Cross Site Scripting (XSS). Stored XSS attack in "/room.php" chat service.
                2.5.1. Exploit:
                                                Check the exploit/POC section.
        2.7. Session Management Flaw. "/homepg/index.php" and "/homepg/login.php" are vulnerable to session fixation.
                2.5.1. Exploit:
                                                Check the exploit/POC section.                                          
####################
3. Exploits/POCs:
####################

Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities

                2.4.1. Exploit:
                                                Check the exploit/POC section.
        2.6. Cross Site Scripting (XSS). Stored XSS attack in "/room.php" chat service.
                2.5.1. Exploit:
                                                Check the exploit/POC section.
        2.7. Session Management Flaw. "/homepg/index.php" and "/homepg/login.php" are vulnerable to session fixation.
                2.5.1. Exploit:
                                                Check the exploit/POC section.                                          
####################
3. Exploits/POCs:
####################

[MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues

[MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues

Details
=======
Product: BLUEPAGE CMS
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.bluepage-cms.com/
Vendor-Status: informed
Advisory-Status: published

[HACKATTACK Advisory 25012009]ConPresso CMS 4.07 - Session Fixation, XFS, XSS

[HACKATTACK Advisory 25012009]ConPresso CMS 4.07 - Session Fixation, XFS, XSS

Details
************************
Product: ConPresso CMS 4.07
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.conpresso.de/
Vendor-Status: informed
Advisory-Status: not yet published

Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities

                2.4.1. Exploit:
                                                Check the exploit/POC section.
        2.6. Cross Site Scripting (XSS). Stored XSS attack in "/room.php" chat service.
                2.5.1. Exploit:
                                                Check the exploit/POC section.
        2.7. Session Management Flaw. "/homepg/index.php" and "/homepg/login.php" are vulnerable to session fixation.
                2.5.1. Exploit:
                                                Check the exploit/POC section.                                          
####################
3. Exploits/POCs:
####################

Apache Axis Session Fixation Vulnerability

=====[ Tempest Security Intelligence - Advisory #02 / 2010 ]===========


Vulnerability  =>  [  'Apache Axis Session Fixation Vulnerability' ]
      
Authors        =>  ['Tiago Ferreira <tiago *SPAM* tempest.com.br>'
                   'Leandro Oliveira <leandro *SPAM* tempest.com.br>' ]


========[ Table of Contents ]===========================================

IBM OmniFind - several vulnerabilities

Product: IBM OmniFind Enterprise Edition
Website: http://www-01.ibm.com/software/data/enterprise-search/omnifind-enterprise/
Vulnerabilities:
   - Cross-Site-Scripting (XSS)
   - Cross-Site-Request-Forgery (XSRF)
   - Session fixation
   - Session impersonation
   - Remote buffer overflow
   - Privilege escalation in two applications
   - Missing authentication in configuration panel
   - Admin password is delivered in plaintext inside the server response

[ GLSA 201001-08 ] SquirrelMail: Multiple vulnerabilities

* Niels Teusink also reported that the map_yp_alias() function in
  functions/imap_general.php does not filter shell metacharacters in a
  username and that the original patch was incomplete (CVE-2009-1381,
  CVE-2009-1579).

* Tomas Hoger discovered an unspecified session fixation
  vulnerability (CVE-2009-1580).

* Luc Beurton reported that functions/mime.php does not protect the
  application's content from Cascading Style Sheets (CSS) positioning
  in HTML e-mail messages (CVE-2009-1581).

Oracle Enterprise Manager vulnerable to Session fixation (CVE-2012-0528)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

AppSecInc Team SHATTER Security Advisory

Oracle Enterprise Manager vulnerable to Session fixation.

Risk Level:
Low

Affected versions:

Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues

It's not the "PHPSESSID" parameter - instead it's the "XTCsid" parameter which is vulnerable to a session fixation attack. 

Workaround: 
================
Update to xt:Commerce 3.0.4 SP 2.1

[ GLSA 200711-17 ] Ruby on Rails: Multiple vulnerabilities

Impact
======

Unauthenticated remote attackers could exploit these vulnerabilities to
determine the existence of files or to read the contents of arbitrary
XML files; conduct session fixation attacks and gain unauthorized
access; and to execute arbitrary HTML and script code in a user's
browser session in context of an affected site by enticing a user to
browse a specially crafted URL.

Workaround

[SECURITY] [DSA 1711-1] New TYPO3 packages fix remote code execution

    which makes it easier for attackers to crack this key.

CVE-2009-0256
    Marcus Krause discovered that TYPO3 is not invalidating a supplied session
    on authentication which allows an attacker to take over a victims
    session via a session fixation attack.

CVE-2009-0257
    Multiple cross-site scripting vulnerabilities allow remote attackers to
    inject arbitrary web script or HTML via various arguments and user-
    supplied strings used in the indexed search system extension, adodb

two bytehoard 2.1 bugs

Notes

Depending on the situation, this can be seen as more than a privilege 
escalation, since a malicious attacker can trick a legitimate user into 
logging using an attacker controlled computer or using session fixation.
Were a method of setting the "$_SESSION['username']" found without 
having to log in, this exploit would become a remote root (for the 
application, not the host).
These methods can also be used to escalate privileges to a nonexistent 
account. In that case, a home directory is created for that "phantom"

[SECURITY] [DSA-2115-1] New moodle packages fix several vulnerabilities

project identifies the following problems:

CVE-2010-1613
        Moodle does not enable the "Regenerate session id during
        login" setting by default, which makes it easier for remote
        attackers to conduct session fixation attacks.

CVE-2010-1614
        Multiple cross-site scripting (XSS) vulnerabilities allow
        remote attackers to inject arbitrary web script or HTML via
        vectors related to (1) the Login-As feature or (2) when the

[SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities

project identifies the following problems:

CVE-2010-1613
        Moodle does not enable the "Regenerate session id during
        login" setting by default, which makes it easier for remote
        attackers to conduct session fixation attacks.

CVE-2010-1614
        Multiple cross-site scripting (XSS) vulnerabilities allow
        remote attackers to inject arbitrary web script or HTML via
        vectors related to (1) the Login-As feature or (2) when the


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!