122 matches found
CVE-2025-35939 Craft CMS stores user-provided content in session files
Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...
Craft CMS 安全漏洞
Craft CMS is a content management system CMS from Craft CMS Open Source. A security vulnerability exists in Craft CMS versions prior to 5.7.5 that stems from failure to clean the contents of session files, which could lead to arbitrary code execution...
PT-2025-20312
Name of the Vulnerable Software and Affected Versions Craft CMS versions prior to 4.15.3 Craft CMS versions prior to 5.7.5 Description Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent...
Malicious code in neov (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0c9e3f275318dc63c36dbc902dfd73c0b3aa4fa830d114c0833ed8d24258d9b0 Importing the module starts exfiltration of ".session" files, which appear to be used at least by one Telegram library...
Malicious code in pytzv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bc7b0a2cddf6ee0cc4d688f4136758e0d7aaa99707aa5dd82505d84631d77720 Importing the module starts exfiltration of ".session" files, which appear to be used at least by one Telegram library...
MAL-2025-191801 Malicious code in neov (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0c9e3f275318dc63c36dbc902dfd73c0b3aa4fa830d114c0833ed8d24258d9b0 Importing the module starts exfiltration of ".session" files, which appear to be used at least by one Telegram library...
MAL-2025-191847 Malicious code in pytzv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bc7b0a2cddf6ee0cc4d688f4136758e0d7aaa99707aa5dd82505d84631d77720 Importing the module starts exfiltration of ".session" files, which appear to be used at least by one Telegram library...
MAL-2025-191849 Malicious code in qtpv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2e0cfa610f53699fb3d04d6296bf28540a6162be41a7268566e999b070b517a6 Importing the module starts exfiltration of ".session" files, which appear to be used at least by one Telegram library...
Missing Authorization
Overview chainlit is a Build Conversational AI. Affected versions of this package are vulnerable to Missing Authorization due to improper user verification in the getfile endpoint. This flaw allows unauthorized users to access and retrieve session files by guessing or obtaining valid sessionids,...
CVE-2024-45416
The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in sessioninit function. The session -LUA- files are stored in the directory /var/luasession, the function iterates on all files in this directory and executes them using the function dofile without any validation i...
USN-6943-1 tomcat8, tomcat9 vulnerabilities
It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS CVE-2020-9484 It was discovered that Tomcat...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Tomcat vulnerabilities (USN-6943-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6943-1 advisory. It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. ...
SUSE CVE-2023-42456
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current sudo Multiple Vulnerabilities (SSA:2023-311-01)
The version of sudo installed on the remote host is prior to 1.9.15. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-311-01 advisory. - Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt...
GHSA-2R3C-M6V7-9354 sudo-rs Session File Relative Path Traversal vulnerability
Background Sudo-rs allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting...
sudo-rs Session File Relative Path Traversal vulnerability
Background Sudo-rs allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting...
CVE-2023-42456
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
Path traversal
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
CVE-2023-42456 sudo-rs Session File Relative Path Traversal vulnerability
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
CVE-2023-42456 sudo-rs Session File Relative Path Traversal vulnerability
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...