6 matches found
Lark Technologies: Able to steal private files by manipulating response using Auto Reply function of Lark
An IDOR (Insecure Direct Object Reference) vulnerability was found within the "AutoReply" functions of Lark. This vulnerability could have allowed malicious users to fetch the files of other users if they knew the specific file ID, which was an alphanumeric value. We thank @imrannisar for reporting...
Session Fixation in Subrion CMS
Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie...
GHSA-QPXW-6473-PPWW Session Fixation in Subrion CMS
Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie...
CVE-2020-12467
Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie...
Session fixation
Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie...
CVE-2020-12467
Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie...