Lucene search

11 matches found

EUVD
added 2026/03/29 3:30 p.m., 0 views

EUVD-2026-16999

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including...

CVSS 9.2, AI score 6, EPSS 0.00015
Exploits 0, References 3
Vulnrichment
added 2026/03/29 12:44 p.m., 0 views

CVE-2026-32918 OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including...

CVSS 9.2, AI score 6, EPSS 0.00015
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-3205

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.2, EPSS 0.00424
Exploits 0, References 4
RedhatCVE
added 2025/05/22 2:52 a.m., 6 views

CVE-2010-1434

Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are...

CVSS 7.5, AI score 7.1, EPSS 0.00006
Exploits 0, References 1
Veracode
added 2024/06/20 7:32 a.m., 14 views

Insecure Authentication

magento/community-edition is vulnerable to Insecure authentication. The vulnerability is due to improper session handling that allows an unauthenticated user to append arbitrary session IDs which will not be invalidated by subsequent authentication, allowing attackers to hijack or manipulate user...

CVSS 9.8, AI score 6.9, EPSS 0.00424
Exploits 0, References 4, Affected Software 1
OSV
added 2021/10/05 4:15 p.m., 0 views

CVE-2021-41553

In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the web application in /archibus/login.axvw assigns a session token that could already be in use by another user. It was therefore possible to access the application through a user whose credentials were not known, without any attempt by the...

CVSS 9.8, AI score 5.8
Exploits 0, References 1
Cvelist
added 2021/06/21 10:22 p.m., 20 views

CVE-2010-1434

Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are...

AI score 7.7, EPSS 0.00006
Exploits 0, References 2
GithubExploit
added 2021/03/25 4:3 p.m., 106 views

Exploit for Path Traversal in Rukovoditel

PoC-RCE-Rukovoditel Proof of concept for CVE-2020-11819 and CV...

CVSS 9.8, AI score 9.6, EPSS 0.27004
Exploits 4
CNVD
added 2019/11/08 12:0 a.m., 1 views

Magento Authorization Issues Vulnerability (CNVD-2019-40734)

Magento is an open source PHP e-commerce system of the United States Magento company. The system provides rights management, search engines and payment gateways and other functions. Magento has an authorization problem vulnerability. An unauthenticated attacker can exploit this vulnerability t...

CVSS 9.8, AI score 7.2, EPSS 0.00424
Exploits 0, References 1
RedHat Linux
added 2010/11/29 9:31 p.m., 1 views

php: session serializer session data injection vulnerability (MOPS-2010-060)

The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name...

CVSS 5, AI score 5.9, EPSS 0.00425
Exploits 1, References 4
exploitpack
added 2010/02/11 12:0 a.m., 8 views

PHP 5.3.1 - session_save_path() Safe_mode() Restriction Bypass Exploit

PHP 5.3.1 - session_save_path() Safe_mode() Restriction Bypass Exploit source: https://www.securityfocus.com/bid/38182/info PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to write session files in arbitrary directions. This vulnerability would...

AI score 0.2
Exploits 0