Lucene search

14 matches found

OSV
added 2025/12/04 8:16 p.m., 1 view

CVE-2025-65883

A vulnerability has been identified in Genexis Platinum P4410 router Firmware P4410-V2–1.41 that allows a local network attacker to achieve Remote Code Execution (RCE) with root privileges. The issue occurs due to improper session invalidation after administrator logout. When an administrator logs...

CVSS 8.4, AI score 6, EPSS 0.00098
Exploits: 1, References: 1
NVD
added 2025/12/04 8:16 p.m., 1 view

CVE-2025-65883

A vulnerability has been identified in Genexis Platinum P4410 router Firmware P4410-V2–1.41 that allows a local network attacker to achieve Remote Code Execution (RCE) with root privileges. The issue occurs due to improper session invalidation after administrator logout. When an administrator logs...

CVSS 8.4, EPSS 0.00098
Exploits: 1, References: 1
Vulnrichment
added 2025/12/04 12:00 a.m., 1 view

CVE-2025-65883

A vulnerability has been identified in Genexis Platinum P4410 router Firmware P4410-V2–1.41 that allows a local network attacker to achieve Remote Code Execution (RCE) with root privileges. The issue occurs due to improper session invalidation after administrator logout. When an administrator logs...

AI score 7.1, EPSS 0.00098
Exploits: 1, References: 1
CVE
added 2025/12/04 12:00 a.m., 3 views

CVE-2025-65883

CVE-2025-65883 affects Genexis Platinum P4410 router (Firmware P4410-V2–1.41). The issue is improper session invalidation after administrator logout, leaving the session token valid and reusable by a local-network attacker. By exploiting the stale token, an attacker can send crafted requests to t...

CVSS 8.4, AI score 7.1, EPSS 0.00098
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2025/11/19 8:15 p.m., 1 view

CVE-2025-63212

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions...

CVSS 6.5, EPSS 0.00058
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-7017

Malware in sbrugna...

CVSS 6.8, AI score 6.4, EPSS 0.00216
Exploits: 1, References: 4
Tenable Nessus
added 2025/08/24 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2012-5868

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover...

CVSS 2.6, AI score 5.8, EPSS 0.00649
Exploits: 1, References: 3
RedhatCVE
added 2025/05/22 10:49 p.m., 6 views

CVE-2022-30768

A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...

CVSS 6.1, AI score 5.8, EPSS 0.00213
Exploits: 1, References: 1
Veracode
added 2023/08/04 6:07 a.m., 19 views

Improper Session Management

github.com/answerdev/answer is vulnerable to Improper Session Management. The vulnerability exists in UserLogout function at usercontroller.go due to improper cache handling during the admin logout which allows an attacker to use the token to gain unauthorized access to the application even after...

CVSS 8.8, AI score 7, EPSS 0.0034
Exploits: 1, References: 4, Affected Software: 1
Vulnrichment
added 2022/11/15 12:00 a.m., 6 views

CVE-2022-30768

A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...

AI score 5.7, EPSS 0.00213
Exploits: 0, References: 2
Debian CVE
added 2022/11/15 12:00 a.m., 27 views

CVE-2022-30768

A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...

CVSS 5.4, AI score 3.8, EPSS 0.00213
Exploits: 0
OSV
added 2020/01/05 11:15 p.m., 1 view

CVE-2019-20077

The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can logout the user using this vulnerability...

CVSS 4.3, AI score 5.8
Exploits: 0, References: 1
Packet Storm
added 2013/01/02 12:00 a.m., 48 views

osTicket 1.6 ST CSRF / SQL Injection

AI score 0.5
Exploits: 0
Cvelist
added 2010/06/25 7:00 p.m., 14 views

CVE-2009-4907

Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog...

AI score 7.2, EPSS 0.0021
Exploits: 1, References: 4