CVE-2022-3301

CVE-2022-3301 affects rdiffweb prior to version 2.4.8. The root cause is improper cleanup on a thrown exception in the application, which can allow an attacker to influence the content displayed to users (e.g., displaying a message of their choice or injecting misleading data into a page). Refere...

Denial Of Service (DoS)

rdiffweb is vulnerable to denial of service. The vulnerability exists because a fixed length has not been defined for username input parameters which allows an attacker to enter long string values that may result in memory consumption leading to a crash of the application...

Rdiffweb 安全漏洞

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. Provides quick access to your archives through an efficient web interface. A denial of service vulnerability exists in Rdiffweb versions prior to 2.4.8, which stems from the "title" parameter when adding an SSH...

Rdiffweb 安全漏洞

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. Provides quick access to your archives through an efficient web interface. A virtual tampering vulnerability exists in Rdiffweb versions prior to 2.4.8, which can be exploited by an attacker to inject malicious...

PT-2022-21436 · Rdiffweb · Rdiffweb

Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.8 Description: The issue arises from improper handling of length parameter inconsistency, specifically in the validation of email length. This allows users to insert an email longer than 255 characters. If a use...

Rdiffweb 安全漏洞

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A denial of service vulnerability exists in Rdiffweb versions prior to 2.4.8, which stems from a lack of length validation of the...

PT-2022-21643 · Rdiffweb · Rdiffweb

Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.8 Description: The issue is related to improper cleanup on thrown exceptions, which could allow an attacker to display a message of their choice onto a web page. Recommendations: For versions prior to 2.4.8,...

PT-2022-21604 · Rdiffweb · Rdiffweb

Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.8 Description: The issue concerns the allocation of resources without limits or throttling, which can lead to a denial-of-service DOS attack or memory corruption. Specifically, there is no limit on the length of...

PT-2022-21561 · Rdiffweb · Rdiffweb

Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.8 Description: The issue is related to improper handling of length parameter inconsistency. It can be exploited via an unlimited length username field, potentially leading to excess memory consumption or memory...

Rdiffweb 安全漏洞

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. Provides quick access to your archives through an efficient web interface. A denial of service vulnerability exists in Rdiffweb versions prior to 2.4.8, which stems from not validating email length in...

Rdiffweb 安全漏洞

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. Provides quick access to your archives through an efficient web interface. A denial of service vulnerability exists in Rdiffweb versions prior to 2.4.8, which stems from a lack of length validation of the root...

PT-2022-21619 · Rdiffweb · Rdiffweb

Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.8 Description: The issue is related to the allocation of resources without limits or throttling, which can lead to a Denial of Service DoS attack. Specifically, an unlimited length "title" field when adding an S...

GHSA-J3Q4-GMJ4-MJ95 rdiffweb vulnerable to account access via session fixation

rdiffweb prior to 2.4.7 fails to invalidate session cookies on logout, leading to session fixation and allowing an attacker to access a users account. After logging in and logging out, the application continues to use the preauthentication cookies. The cookies remain the same after closing the...

rdiffweb vulnerable to account access via session fixation

rdiffweb prior to 2.4.7 fails to invalidate session cookies on logout, leading to session fixation and allowing an attacker to access a users account. After logging in and logging out, the application continues to use the preauthentication cookies. The cookies remain the same after closing the...

CVE-2022-3269

Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7...

PYSEC-2022-290

Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7...

PYSEC-2022-290

Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7...

CVE-2022-3269 Session Fixation in ikus060/rdiffweb

Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7...

CVE-2022-3269

CVE-2022-3269 affects the rdiffweb web application (itas ikus060/rdiffweb) prior to version 2.4.7. The root cause is failure to invalidate session cookies on logout, enabling session fixation where an attacker can reuse a valid cookie to access a user account after login/logout sequences. Impact ...

CVE-2022-3269 Session Fixation in ikus060/rdiffweb

Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7...