174 matches found
GHSA-9583-H5HC-X8CW React Router has Path Traversal in File Session Storage
If applications use createFileSessionStorage from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an unsigned cookie, it is possible for an attacker to cause the session to try to read/write from a location outside the specified session file directory. The success of the...
CVE-2021-47734
CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file...
CVE-2021-47734
CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file...
CVE-2021-47734 CMSimple 5.4 Authenticated Local File Inclusion Remote Code Execution
CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file...
CVE-2021-47734
CVE-2021-47734 affects CMSimple 5.4 and is described as an authenticated local file inclusion vulnerability that can lead to remote code execution by manipulating PHP session files. The root cause cited in connected sources is improper handling of template/function include paths, enabling an atta...
PT-2025-52834
Name of the Vulnerable Software and Affected Versions CMSimple version 5.4 Description CMSimple version 5.4 contains a flaw that allows attackers to manipulate PHP session files and potentially execute arbitrary code. This is possible through an authenticated local file inclusion, where attackers...
CMSimple 安全漏洞
CMSimple is a free content management system. CMSimple suffers from a file inclusion vulnerability that stems from improper handling of template/function include paths, which allows the application to include local files without securely restricting and validating the file paths. An attacker can...
GHSA-CQ46-M9X9-J8W2 Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization
Summary An unsafe deserialization vulnerability in Scapy Internally, this triggers: python main.py SESSION = pickle.loadgzip.opensessionname, "rb" Since no validation or restriction is performed on the deserialized object, any code embedded via reduce will be executed immediately. This makes it...
Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization
Summary An unsafe deserialization vulnerability in Scapy Internally, this triggers: python main.py SESSION = pickle.loadgzip.opensessionname, "rb" Since no validation or restriction is performed on the deserialized object, any code embedded via reduce will be executed immediately. This makes it...
EUVD-2020-15915
Malware in sbrugna...
EUVD-2018-13424
Malware in sbrugna...
EUVD-2002-1047
Malware in sbrugna...
EUVD-2019-5914
Malware in sbrugna...
EUVD-2019-6247
Malware in sbrugna...
EUVD-2006-6579
Malware in sbrugna...
EUVD-2019-7961
Malware in sbrugna...
EUVD-2008-5724
Malware in sbrugna...
EUVD-2025-25474
Malicious code in bioql PyPI...
CVE-2025-9307
A flaw has been found in PHPGurukul Online Course Registration 3.1. This affects an unknown function of the file /admin/session.php. This manipulation of the argument sesssion causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...
CVE-2025-9307
A flaw has been found in PHPGurukul Online Course Registration 3.1. This affects an unknown function of the file /admin/session.php. This manipulation of the argument sesssion causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...