CVE-2025-59028

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...

CVE-2025-59028

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...

CVE-2026-29784

Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost...

EUVD-2018-4540

Malware in sbrugna...

CVE-2024-42170

HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session...

Fortinet Fortigate (FG-IR-22-444)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-444 advisory. - An improper restriction of excessive authentication attempts vulnerability CWE-307 in Fortinet FortiOS version 7.2.0 throug...

CVE-2022-43947

An improper restriction of excessive authentication attempts vulnerability CWE-307 in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-forc...

Protect

An improper restriction of excessive authentication attempts vulnerability CWE-307 in FortiOS & FortiProxy administrative interface may allow an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions...

CVE-2021-25979

Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account...

Session fixation

Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account...

jenkins: session fixation vulnerability

Session fixation vulnerability was found in Jenkins. The existing session on login process are not invalidated and this allows an attacker to gain potentially additional access on Jenkins by using social engineering attack techniques on a target user...

How To Check If Your Twitter Account Has Been Hacked

Did you ever wonder if your Twitter account has been hacked and who had managed to gain access and when it happened? Twitter now lets you know this. After Google and Facebook, Twitter now lets you see all the devices—laptop, phone, tablet, and otherwise—logged into your Twitter account. Twitter h...

DragonByte vBSecurity for vBulletin Cross-Site Scripting Vulnerability

DragonByte vBSecurity for vBulletin is a suite of vBulletin-based security protection software for web sites from DragonByte Technologies, Scotland. The software monitors configuration file changes, user logins, and alerts you when your website's security is threatened. A cross-site scripting...

Design/Logic Flaw

library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session'useragent' in the "Login Sessions" feature...

CVE-2018-12580

library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session'useragent' in the "Login Sessions" feature...

Crestron AM-100 - Multiple Vulnerabilities

Crestron AM-100 - Multiple Vulnerabilities ================================================================= Crestron AM-100 Multiple Vulnerabilities ================================================================= Date: 2016-08-01 Exploit Author: Zach Lanier Vendor Homepage:...

Global Reflective XSS Vulnerability in Qibo News Media System

Qibo news media system is Qibo software company using PHP language developed specifically for the news station and launched a web content management system to provide from the content release, organization, dissemination, interaction and data mining media site integration solutions. Qibo News Med...

VMWare Terminate ESX Login Sessions

This module will log into the Web API of VMWare and try to terminate user login sessions as specified by the session keys. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMWare Terminate ESX...