10 matches found
Termix Security Vulnerability
Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contain security vulnerabilities. These vulnerabilities stem from improper validation of the sessionId parameter in the file manager functionality. The identifier controlle...
GHSA-6XCP-7MPR-M7WM Open WebUI has a CORS misconfiguration and session validation issue
GitHub Security Lab GHSL Vulnerability Report, open-webui: GHSL-2024-174, GHSL-2024-175 The GitHub Security Lab team has identified potential security vulnerabilities in open-webui. We are committed to working with you to help resolve these issues. In this report you will find everything you need...
EUVD-2018-21838
Tenda W3002R/A302/W309R wireless routers version V5.07.64en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted...
Use of Single-factor Authentication
Overview Affected versions of this package are vulnerable to Use of Single-factor Authentication due to improper session validation in the authentication process. An attacker can gain unauthorized access to accounts protected by multi-factor authentication by submitting only a single authenticati...
EUVD-2007-2165
Malware in sbrugna...
CVE-2022-3916
A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...
CVE-2020-4954
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation. By using the configuration panel to obtain a valid session using an attacker-controlled IBM Spectrum Protect server, an attacker could...
CVE-2021-1272
A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of...
CVE-2020-4494
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session...
PT-2018-14725 · Go Gitea · Gogs
Name of the Vulnerable Software and Affected Versions: Gogs version 0.11.66 Description: The issue allows remote code execution due to improper validation of session IDs. This can be exploited through a ".." session-file forgery in the file session provider, specifically in the file.go file. The...