23 matches found
EUVD-2016-1946
Malware in sbrugna...
EUVD-2017-16005
Malware in sbrugna...
Incorrect Session Handling
github.com/mattermost/mattermost is vulnerable to Incorrect Session Handling. The vulnerability is due to improper session management during the use of Single Sign-On (SSO), where two sessions—one in the browser and one on the desktop—are created without proper synchronization or settings, allowing...
CVE-2024-10214 Incorrect Session Creation with Desktop SSO
Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 incorrectly issue two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings...
ZITADEL Security Vulnerabilities
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the age of containers and serverless, open sourced by ZITADEL in Switzerland. ZITADEL suffers from a security vulnerability that stems from the fact that due to a lack of checks, user sessions...
The vulnerability of the PowerScale OneFS operating system, related to incorrect session duration, allows an attacker to trigger a service failure.
The vulnerability of the PowerScale OneFS operating system is related to incorrect session duration. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the Nextcloud Server cloud data storage software lies in the incorrect expiration time of user sessions, which allows attackers to intercept user sessions.
The vulnerability of the Nextcloud Server cloud storage software is related to incorrect session duration. Exploiting this vulnerability can allow attackers to intercept user sessions...
CVE-2022-46480
Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range...
CVE-2023-39452 Socomec MOD3GP-SY-120K Plaintext Storage of a Password
The web application that manages the device stores the credentials in plaintext within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application...
The vulnerability of the 389 Directory Server’s authentication process, related to incorrect session duration, allows attackers to gain access to confidential data.
The vulnerability of the 389 Directory Server’s authentication service is related to an incorrect session duration. Exploiting this vulnerability allows a malicious actor to gain access to confidential data...
Privilege Escalation
parse-server is vulnerable to privilege escalation. The vulnerability exists due to an incorrect session creation when using createWith function that incorrectly classified the session type as being created with a password which gives that user a different level of access than one created as an...
CVE-2021-39138 New anonymous user session acts as if it's created with password
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to signup users and also allow users to login anonymously. Prior to version 4.5.1, when an anonymous user is first signed up using REST, the server creates sessi...
The vulnerability of the SessionListener#sessionDestroyed() method in Eclipse Jetty’s servers allows an attacker to escalate their privileges.
The vulnerability of the SessionListener#sessionDestroyed() method in Eclipse Jetty-related containers is related to an incorrect session expiration time. Exploiting this vulnerability can allow attackers to increase their privileges...
CVE-2020-3410
A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. The attacker must have a valid CAC to initiate the access attempt. The...
Authentication flaw
A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. The attacker must have a valid CAC to initiate the access attempt. The...
The vulnerability of the FreeIPA server relates to the incorrect duration of a session, which allows an attacker to gain access to the session.
The vulnerability of the FreeIPA server is related to the incorrect duration of the session. Exploiting this vulnerability can allow an attacker to gain access to the session...
The vulnerability of the management tools for virtual infrastructure, such as VMware vCenter Server and VMware ESXi hypervisor, is related to incorrect session duration settings, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the management tools for virtual infrastructure, such as VMware vCenter Server and VMware ESXi hypervisor, is related to incorrect session duration settings. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protecte...
CVE-2019-10158
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling...
CVE-2016-10955
The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking...