CVE-2026-35660
OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an explicit sessionKey ...
CVE-2021-38140
The setuser extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after setuser...
SUSE CVE-2009-3230
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated...
Cross-site Request Forgery (CSRF)
Overview: solidus_auth_devise provides authentication and authorization services for use with Solidus by using Devise and CanCan. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via solidus_auth_devise. Note: Users are affected only if protect_from_forgery method...
PT-2021-23235 · Unknown · Spree Auth Devise
Name of the Vulnerable Software and Affected Versions: spree auth devise versions prior to 4.0.1; spree auth devise versions prior to 4.1.1; spree auth devise versions prior to 4.2.1; spree auth devise versions prior to 4.4.1. Description: The issue is a CSRF vulnerability that allows user account...
Privilege Escalation
postgresql is vulnerable to privilege escalation. The vulnerability exists as it was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0040 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. ...
Huawei Backup App Reset Session Vulnerability
Huawei Backup App is a cell phone file backup tool. A reset session vulnerability exists in Huawei Backup App, located in the application folder "HuaweiBackup-BackupFiles", which affects a file named info.xml, where encrypted passwords are stored, and can be bypassed and reset by modifying the...
Huawei Backup App - Mobile Reset Session Vulnerability
Document Title: Huawei Backup App - Mobile Reset Session Vulnerability. References: https://www.vulnerability-lab.com/getcontent.php?id=1987 Video: https://www.youtube.com/watch?v=YAW9yL1CoW8 Advisory:...
postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated...