4 matches found
Authorization Bypass Through User-Controlled Key
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the sessionKey parameter in the POST /hooks/agent endpoint. An attacker can inject messages or prompts into arbitrary sessions by...
PT-2022-12629 · Lanner · Iac-Ast2500A
Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A version 1.10.0 Description: Session fixation and insufficient session expiration vulnerabilities allow an attacker to perform session hijacking attacks against users. Recommendations: For Lanner Inc IAC-AST2500A versio...
WordPress Photocrati NextGEN Gallery Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.Photocrati NextGEN Gallery plugin is one of the image management plugin. A cross-site scripting vulnerability exist...
PT-2009-2743 · Squirrelmail +1 · Squirrelmail +1
Name of the Vulnerable Software and Affected Versions: SquirrelMail version 1.4.8 Description: The issue allows remote authenticated users to access other users' folder lists and configuration data under certain circumstances by using the standard webmail.php interface. This occurs because a Red...