Showing 1 - 1 of 1

CVE-2019-10045

Status Candidate

Overview

The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an attacker to impersonate a user and perform actions on behalf of him/her (if the session is still active).

Related Files

Pydio 8 Command Execution / Cross Site Scripting: Posted Mar 29, 2019; Authored by Leandro Cuozzo, Ramiro Molina | Site secureauth.com; Pydio 8 suffers from cross site scripting, command injection, and various other vulnerabilities.; tags | exploit, vulnerability, xss; advisories | CVE-2019-10045, CVE-2019-10046, CVE-2019-10047, CVE-2019-10048, CVE-2019-10049; SHA-256 | a040ca84e3fd0ca2896f938ac0fca7bbaf88d693a9572cf3da774c7fb292a8a0; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

CVE-2019-10045

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems