20 matches found
UBUNTU-CVE-2026-39324
Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...
CVE-2025-64075
A path traversal vulnerability in the checktoken function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authentication and perform administrative actions by supplying a crafted session cookie value...
CVE-2025-64075
A path traversal vulnerability in the checktoken function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authentication and perform administrative actions by supplying a crafted session cookie value...
CVE-2025-54761
An issue was discovered in PPress 0.0.9 allowing attackers to gain escalated privileges via a crafted session cookie...
CVE-2025-54761
An issue was discovered in PPress 0.0.9 allowing attackers to gain escalated privileges via a crafted session cookie...
CVE-2023-47294
An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie...
CVE-2021-35046
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie...
CVE-2024-28338
A login bypass in TOTOLINK A8000RU V7.1cu.643B20200521 allows attackers to login to Administrator accounts via providing a crafted session cookie...
Design/Logic Flaw
A login bypass in TOTOLINK A8000RU V7.1cu.643B20200521 allows attackers to login to Administrator accounts via providing a crafted session cookie...
TOTOLINK A8000RU Security Vulnerability
TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. An unspecified vulnerability exists in the TOTOLINK A8000RU, which can be exploited by an attacker to log into the administrator account by providing a specially crafted session cookie...
PT-2024-22396 · Totolink · Totolink A8000Ru
Name of the Vulnerable Software and Affected Versions: TOTOLINK A8000RU version V7.1cu.643 B20200521 Description: A login bypass issue allows attackers to login to Administrator accounts by providing a crafted session cookie. Recommendations: For TOTOLINK A8000RU version V7.1cu.643 B20200521,...
CVE-2024-28338
A login bypass in TOTOLINK A8000RU V7.1cu.643B20200521 allows attackers to login to Administrator accounts via providing a crafted session cookie...
CVE-2021-35046
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie...
CVE-2021-35046
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie...
Session fixation
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie...
CVE-2021-35046
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie...
CVE-2006-1095
Directory traversal vulnerability in the FileSession object in Modpython module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie...
CVE-2012-2735
Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote attackers to hijack web sessions via a crafted session cookie...
CVE-2006-1095
Directory traversal vulnerability in the FileSession object in Modpython module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie...
Directory traversal
Directory traversal vulnerability in the FileSession object in Modpython module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie...