CVE-2008-4649
published 2008-10-22CVE-2008-4649: Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
PriorityP337high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.45%
82.3th percentile
Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elxis | elxis_cms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Elxis CMS 2008.1 - PHPSESSID Variable Session Fixation
exploitdb·2008-10-14
CVE-2008-4649 Elxis CMS 2008.1 - PHPSESSID Variable Session Fixation
Elxis CMS 2008.1 - PHPSESSID Variable Session Fixation
---
source: https://www.securityfocus.com/bid/31764/info
Elxis CMS is prone to multiple cross-site scripting and session-fixation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The application is also prone to a session-fixation vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Using the session-fixation issue, the attacker can hijack the session and gain unauthorized access to the affected application.
Elxis CMS 2006.1 is vulnerable; other versions may also be affected.
http://www.si
Exploit-DB
Microworld eScan (Multiple Products) - Local Privilege Escalation
exploitdb·2007-08-30
CVE-2007-4649 Microworld eScan (Multiple Products) - Local Privilege Escalation
Microworld eScan (Multiple Products) - Local Privilege Escalation
---
source: https://www.securityfocus.com/bid/25493/info
Multiple MicroWorld eScan products are vulnerable to a local privilege-escalation vulnerability because of insecure default file permissions.
Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers.
The following are vulnerable:
eScan Internet Security 9.0.722.1
eScan Virus Control 9.0.722.1
eScan AntiVirus 9.0.722.1
UPDATE (September 4, 2008): The following additional products have been reported as vulnerable:
eScan Corporate 9.0.x
eScan Professional 9.0.x
eScan Workstation Server 9.0.x
eScan Web and Mail Filter 9.0.x
MailScan for Mail-Server 5.6a
MailScan for SMT
No writeups or analysis indexed.
http://packetstormsecurity.org/0810-exploits/elxis-xss.txthttp://www.securityfocus.com/bid/31764https://exchange.xforce.ibmcloud.com/vulnerabilities/45868http://packetstormsecurity.org/0810-exploits/elxis-xss.txthttp://www.securityfocus.com/bid/31764https://exchange.xforce.ibmcloud.com/vulnerabilities/45868
2008-10-22
Published