Buffer overflow
The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...
CVE-2021-43777
Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login via OAuth incorrectly uses the state parameter to pass the next URL to redirect the user to after login. The state parameter should be used for a Cross-Site Request Forgery...
Cross site request forgery (csrf)
Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login via OAuth incorrectly uses the state parameter to pass the next URL to redirect the user to after login. The state parameter should be used for a Cross-Site Request Forgery...
RHEL 8 : thunderbird (RHSA-2021:4130)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4130 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.3.0. Security Fixes: Mozilla:...
CVE-2020-0232
Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds it to the session object then continues to work with it. A concurrent thread could retrieve created transfer object from the session object and delete it using abc_pcie_dma_user_xfer_clean. If this happens, abc_pcie_start_dma_xfer and...
The vulnerability of the Firefox Web browser’s session object recompilation component, related to the access to freed memory segments, allows attackers to gain unauthorized access to confidential data, cause service failures, and compromise data integrity.
The vulnerability of the Firefox Web browser’s session object recompilation component relates to the access to freed memory resources. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential data, cause service failures, and compromise data integrity...
Joomla! Session Object Injection RCE
The Joomla! application running on the remote web server is affected by a remote code execution vulnerability due to improper sanitization of session parameters when saving and retrieving the session object. An unauthenticated, remote attacker can exploit this, via a serialized PHP object, to...
PT-2019-14037 · Sangoma +1 · Asterisk +1
Name of the Vulnerable Software and Affected Versions: Sangoma Asterisk versions 13.21-cert4 through 15.7.3 Sangoma Asterisk versions 16.5.0 Description: The issue allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash...
CVE-2017-16672
An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully...
tomcat: Security Manager bypass via persistence mechanisms
It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session...
CVE-2016-3306
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges...
CVE-2016-3306
CVE-2016-3306 concerns the Windows kernel mishandling of session objects, enabling local privilege escalation. Affected products include Windows Vista SP2; Windows Server 2008 SP2/R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold/R2; Windows RT 8.1; Windows 10 RTMs 1507/1511/1607. Descr...
Microsoft Windows Session Object Elevation of Privilege Vulnerability
Microsoft Windows is a series of operating systems released by Microsoft Corporation in the United States. Kernel is its kernel component. A session object elevation of privilege vulnerability exists in Microsoft Windows. A local attacker exploits this vulnerability to hijack other users' sessions...
Windows Session Object Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that Windows handles session objects. A locally authenticated attacker who successfully exploited the vulnerability could hijack the session of another user. To exploit the vulnerability, the attacker could run a specially crafted...
The vulnerability of the Apache Tomcat application server allows an attacker to execute arbitrary code in a privileged context.
The vulnerability of the Apache Tomcat application server is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in a privileged context through the web application, which creates a specially crafted object during the executi...
CVE-2007-5933
Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to cause a denial of service (crash) by triggering a delete operation while the Session object is still being used, as demonstrated by causing a "Broken pipe" error...
Using Session spoofing to construct the most hidden WebShell - vulnerability warning - the black bar safety net
Unknowingly“LM groups”to see the Black anti-there have been two spring and autumn, the period does not fall. Painstaking practice so long, can start playing on a trick or two. See the Black anti-second period of the DreamWeaver caused the network crisis of a text,“LM groups”the heart indescribabl...