122 matches found
CVE-2019-16354
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
Session fixation
The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files...
CVE-2019-16355
The CVE-2019-16355 entry concerns Beego’s File Session Manager in Beego 1.10.0, where local attackers can read session files due to weak per-file permissions. Multiple connected sources (Red Hat, OSV entries) reiterate that Beego’s File Session Manager permits information disclosure via improper ...
CVE-2019-16354
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
CVE-2018-20914
In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files SEC-368...
Command injection
In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files SEC-368...
CVE-2018-20886
cPanel before 74.0.0 insecurely stores phpMyAdmin session files SEC-418...
CVE-2018-20886
cPanel before 74.0.0 insecurely stores phpMyAdmin session files SEC-418...
Design/Logic Flaw
cPanel before 74.0.0 insecurely stores phpMyAdmin session files SEC-418...
CVE-2018-20886
CVE-2018-20886 affects cPanel prior to version 74.0.0, where phpMyAdmin session files are stored insecurely. The entry cites a storage flaw that can impact confidentiality, integrity, and availability at a partial level (local access required; low attack complexity). Exploitation status and speci...
CVE-2018-20886
cPanel before 74.0.0 insecurely stores phpMyAdmin session files SEC-418...
CentOS Control Web Panel Elevation of Privilege Vulnerability
CentOS Web Panel CWP is a free web hosting control panel. A security vulnerability exists in CWP version 0.9.8.836. An attacker can exploit the vulnerability by uploading specially crafted session files to the /tmp directory with the help of the cwpsrv-xxx cookie, which can then be used to gain...
CVE-2014-5447
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions 644 for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103...
CVE-2014-5447
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions 644 for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103...
Design/Logic Flaw
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions 644 for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103...
CVE-2014-5447
Technical details for CVE-2014-5447 are not publicly available in the provided documents. No concrete exploit vectors or affected versions are disclosed here; monitor for updates.
CVE-2014-5447
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions 644 for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103...
ownCloud Unencrypted Private Key Exposure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Senderek Web Security - Security Advisory ownCloud Unencrypted Private Key Exposure ========================================= https://senderek.ie/archive/2014/owncloudunencryptedprivatekeyexposure.php Revision: 1.00 Last Updated: 3 Aug 2014 Summary: I...
[ MDVSA-2014:182 ] zarafa
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:182 http://www.mandriva.com/en/support/security/ Package : zarafa Date : September 24, 2014 Affected: Business Server 1.0 Problem Description: Updated zarafa packages fix security vulnerabilities: Robert...
Information disclosure
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files...