193 matches found
DOS by filling session store
The session backends created a new empty record in the session storage anytime request.session was accessed and there was a session key provided in the request cookies that didn't already have a session record. This could allow an attacker to easily create many new session records simply by sendi...
Debian DSA-3305-1 : python-django - security update
Several vulnerabilities were discovered in Django, a high-level Python web development framework : - CVE-2015-5143 Eric Peterson and Lin Hua Cheng discovered that a new empty record used to be created in the session storage every time a session was accessed and an unknown session key was provided...
[SECURITY] [DSA 3305-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3305-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini July 08, 2015 https://www.debian.org/security/faq -...
DSA-3305-1 python-django - security update
Bulletin has no description...
ThinkPHP一处过滤不当造成SQL注入漏洞
简要描述: 内核中某个模块开发的太粗糙啦。 详细说明: 问题出现在session,Thinkphp支持更换session handle。 handle中包括Db和Memcache,如下配置即可使用数据库作为session的存储器: 设置了选项后,在数据库里插入这个表(前缀think可以自己定义): / 数据库方式Session驱动 CREATE TABLE thinksession sessionid varchar255 NOT NULL, sessionexpire int11 NOT NULL, sessiondata blob, UNIQUE KEY sessionid...
ovirt-engine-api: session ID stored in HTML5 local storage
The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page...
Some Versions of Ruby on Rails Could Expose Cookies
Versions 2.0 to 4.0 of the popular open source Web framework Ruby on Rails are vulnerable to a Web security issue involving cookies that could make it much easier for someone to log in to an app as another user. According to security researcher G.S. McNamara, Ruby on Rails’ defacto session storin...
[The Burp SessionAuth] Extension for Detection of Possible Privilege escalation vulnerabilities
Normally a web application should identify a logged in user by data which is stored on the server side in some kind of session storage. However, in web application audits someone can often observe that internal user identifiers are transmitted in HTTP requests as parameters or cookies. Applicatio...
CVE-2011-4136
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...
CVE-2011-1433
The 1 AgentInterface and 2 CustomerInterface components in Open Ticket Request System OTRS before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the UserLogin and UserPW fiel...
Code injection
Piwik before 1.1 does not properly limit the number of files stored under tmp/sessions/, which might allow remote attackers to cause a denial of service inode consumption by establishing many sessions...
Новый метод атаки через Reverse-IP
Новый метод атаки через reverse-ip Хоть статья и 2009 года, но до сих пор актуальна. 0. INTRO Вобщем не буду делать большое вступление. Недавно имело место хекать сайт. Шел был успешно залит на соседний, но вот беда на сервере грамотно выставленны права. Пришлось включать голову и думать. И в...
MOPB-23-2007:PHP 5 Rejected Session Identifier Double Free Vulnerability
Summary Internal session storage modules can reject session identifiers since PHP 5.2.0 when they contain for example characters consideres malicious. When the session extension gets notified that the session id is invalid, it fails to clear an already freed pointer to the invalid session...