5 matches found
CVE-2026-25101
Bludit allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in version 3.17.2...
Apache ZooKeeper Security Vulnerability
Apache ZooKeeper is a software project of the Apache Foundation that provides open source distributed configuration services, synchronization services, and named registries for large-scale distributed computing. A security vulnerability exists in Apache ZooKeeper versions prior to 3.9.1, 3.8.3, a...
Oracle Forms and Reports 11.1 - Remote Exploit
No description provided by source. #!/usr/bin/env ruby; Exploit Title: Oracle Reports 11.1; About: Automated exploit for CVE-2012-3153/CVE-2012-3152; Google Dork: inurl:/reports/rwservlet/; Date: 01/28/2014; Exploit Author: Mekanismen; Credits to: @misssudo for initial disclosure...
Authentication flaw
Frams's Fast File EXchange (FEX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID...
kernel: sctp memory corruption in HMAC handling
The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array...