
169 matches found

RedhatCVE
added 2019/10/04 7:40 p.m. · 25 views

CVE-2008-1567

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information...

5.5 CVSS · 6.6 AI score · 0.0004 EPSS
Exploits 0 · References 3
OSV
added 2019/08/01 3:15 p.m. · 1 views

CVE-2018-20914

In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368)...

7.3 CVSS · 5.9 AI score
Exploits 0 · References 1
0day.today
added 2019/07/17 12:0 a.m. · 43 views

CentOS Control Web Panel 0.9.8.836 - Privilege Escalation Vulnerability

Exploit for linux platform in category web applications. CWP Control Web Panel 0.9.8.836 - 0.9.8.839, Root Privilege Escalation...

0.3 AI score · 0.0939 EPSS
Exploits 5
NVD
added 2019/07/16 6:15 p.m. · 13 views

CVE-2019-13359

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user...

8.5 CVSS · 7.6 AI score · 0.0939 EPSS
Exploits 5 · References 2
Prion
added 2019/07/16 6:15 p.m. · 10 views

Design/Logic Flaw

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user...

8.5 CVSS · 7.5 AI score · 0.0939 EPSS
Exploits 5 · References 2 · Affected Software 1
Cvelist
added 2019/07/16 5:2 p.m. · 11 views

CVE-2019-13359

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user...

7.6 AI score · 0.0939 EPSS
Exploits 5 · References 2
Packet Storm
added 2019/07/16 12:0 a.m. · 107 views

CentOS Control Web Panel 0.9.8.836 Privilege Escalation

CWP Control Web Panel 0.9.8.836 - 0.9.8.839, Root Privilege Escalation...

0.9 AI score · 0.0939 EPSS
Exploits 5
exploitpack
added 2019/07/16 12:0 a.m. · 24 views

CentOS Control Web Panel 0.9.8.836 - Privilege Escalation

CentOS Control Web Panel 0.9.8.836 - Privilege Escalation. CWP Control Web Panel 0.9.8.836 - 0.9.8.839, Root Privilege Escalation...

8.5 CVSS · 0.9 AI score · 0.0939 EPSS
Exploits 5
Exploit DB
added 2019/07/16 12:0 a.m. · 160 views

CentOS Control Web Panel 0.9.8.836 - Privilege Escalation

CWP Control Web Panel 0.9.8.836 - 0.9.8.839, Root Privilege Escalation...

8.5 CVSS · 7.8 AI score · 0.0939 EPSS
Exploits 5
vulnersOsv
added 2018/12/20 3:29 p.m. · 1 views

ahserver (>=1.0.1 <=1.2.0), aiohttp-admin (>=0.1.0a0 <=0.1.0a3) +65 more potentially affected by CVE-2018-1000814 via aiohttp-session (>=0.8.0 <=2.1.0)

aiohttp-session PYPI version =0.8.0, =1.0.1, =0.1.0a0, =1.0.0, =0.0.1, =1.4.0, =0.3.0, =0.4.3, =0.0.1, =0.1.0, =1.0.0, =0.0.1, =22.3.0, =0.0.1, =0.0.2 and more Source cves: CVE-2018-1000814 Source advisory: OSV:PYSEC-2018-35...

6.5 CVSS · 6.5 AI score · 0.00241 EPSS
Exploits 1
Positive Technologies
added 2018/11/04 12:0 a.m. · 3 views

PT-2018-14725 · Go Gitea · Gogs

Name of the Vulnerable Software and Affected Versions: Gogs version 0.11.66 Description: The issue allows remote code execution due to improper validation of session IDs. This can be exploited through a ".." session-file forgery in the file session provider, specifically in the file.go file. The...

9.8 CVSS · 8.7 AI score · 0.93537 EPSS
Exploits 2 · References 7
Packet Storm
added 2018/06/22 12:0 a.m. · 220 views

phpMyAdmin 4.8.1 Code Execution / Local File Inclusion

Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.0, 4.8.1 Tested on: php7 mysql5 CVE :...

0.1 AI score · 0.94262 EPSS
Exploits 20
exploitpack
added 2018/06/22 12:0 a.m. · 64 views

phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)

phpMyAdmin 4.8.1 - Authenticated Local File Inclusion 2 Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link:...

6.5 CVSS · 0.5 AI score · 0.94262 EPSS
Exploits 20
0day.today
added 2018/06/22 12:0 a.m. · 190 views

phpMyAdmin 4.8.1 Code Execution / Local File Inclusion Vulnerabilities

Exploit for php platform in category web applications Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.0...

0.2 AI score · 0.94262 EPSS
Exploits 20
Exploit DB
added 2018/06/22 12:0 a.m. · 245 views

phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)

Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.0, 4.8.1 Tested on: php7 mysql5 CVE :...

8.8 CVSS · 8.8 AI score · 0.94262 EPSS
Exploits 20
CNVD
added 2017/10/16 12:0 a.m. · 2 views

Cacti cross-site scripting vulnerability (CNVD-2017-32248)

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data through snmpget, uses RRDtool to draw graphs for analysis, and provides data and user management features. A cross-site scripting vulnerability exists in the...

6.1 CVSS · 6.2 AI score · 0.00268 EPSS
Exploits 1 · References 1
n0where
added 2017/07/10 3:46 p.m. · 29 views

Network OSINT Gathering Tool: XRay

XRay is a tool for network OSINT gathering; its goal is to automate some of the initial tasks of information gathering and network mapping. How Does it Work? XRay is a very simple tool; it works this way: 1. It’ll bruteforce subdomains using a wordlist and DNS requests. 2. For every...

6.7 AI score
Exploits 0 · References 1
OSV
added 2016/09/25 10:59 a.m. · 1 views

CVE-2016-4755

Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors...

5.5 CVSS · 7.3 AI score
Exploits 0 · References 4
CNVD
added 2016/07/26 12:0 a.m. · 2 views

PHP ext/session/session.c Denial of Service Vulnerability

PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. A denial of service vulnerability exists in PHP versions prior to 5.5.38, 5.6.x prior to 5.6.24, and 7.x prior to 7.0.9 in which the ext/session/session.c...

9.8 CVSS · 8.3 AI score · 0.08435 EPSS
Exploits 0 · References 1
Exploit DB
added 2015/12/29 12:0 a.m. · 42 views

KiTTY Portable 0.65.1.1p - Local Saved Session Overflow (Egghunter XP / Denial of Service 7/8.1/10)

Exploit Title: KiTTY Portable Local Code Execution Win7 - Denial Of Service Win8.1 - Denial Of Service Win10 - Denial Of Service...

7 AI score
Exploits 0