13 matches found

ATTACKERKB
added 2026/05/27 8:11 p.m., 4 views

CVE-2026-47269

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb's deny_remote feature checks utmpx ut_addr_v6 to detect whether an authentication request originates from a remote session. The outer guard was if (utent->ut_addr_v6[0] != 0), which only tests the first...

7.4 CVSS | 5.9 AI score | 0.00066 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2026/05/27 8:10 p.m., 11 views

CVE-2026-47270

CVE-2026-47270 affects the pam_usb PAM module used for Linux hardware authentication. The denial logic (deny_remote) uses non-reentrant strtok(), with three functions sharing a global token pointer; in multi-threaded authentication (e.g., long-lived display managers like GDM), two concurrent auth...

6.3 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/27 12:0 a.m., 5 views

PT-2026-44115

Name of the Vulnerable Software and Affected Versions: pam_usb versions prior to 0.9.0. Description: This issue occurs in the deny_remote feature of the PAM module, which is loaded into host processes such as sudo, login, GDM, and GNOME Shell. In multi-threaded environments like GDM, three functions...

6.3 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits: 0 | References: 5
CNNVD
added 2026/05/27 12:0 a.m., 5 views

pam_usb race condition vulnerability

pam_usb is a USB-device-based hardware authentication tool for Linux, developed by the individual developer McDope. Versions of pam_usb prior to 0.9.0 contained a race condition vulnerability. This vulnerability stemmed from the use of non-reentrant functions like strtok, which led to race conditions...

6.3 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits: 0 | References: 3
CVE
added 2025/10/01 7:27 p.m., 15 views

CVE-2025-59147

Suricata (OISF) versions 7.0.11 and earlier, and 8.0.0, are affected by a detection bypass vulnerability caused by handling multiple SYN packets with different sequence numbers in the same flow tuple, which can prevent TCP session tracking. In IDS mode this can bypass detections/logs; in IPS mode...

7.5 CVSS | 6.4 AI score | 0.0005 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Wallarm Lab
added 2025/08/22 11:0 a.m., 14 views

Exploiting API4 — 8 Real-World Unrestricted Resource Consumption Attack Scenarios (and How to Stop Them)

Unrestricted Resource Consumption (API4:2023) is the only threat category in the OWASP API Security Top 10 explicitly dedicated to Denial of Service (DoS) and resource abuse. But despite being just one category, attackers can exploit it in many different ways; from large file uploads and expensive...

9.8 CVSS | 10 AI score | 0.55896 EPSS
Exploits: 7
Github Security Blog
added 2022/05/17 2:37 a.m., 14 views

phpMyAdmin allows to detect if user is logged in

An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to...

4.3 CVSS | 7.1 AI score | 0.00275 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
Tenable Nessus
added 2018/06/05 12:0 a.m., 10 views

TuyaUS Active Session Detection via HTTP (deprecated)

Binary data 700263.prm...

7.3 AI score
Exploits: 0 | References: 1
Friends Of PHP
added 2017/12/07 1:27 p.m., 7 views

SS-2017-006: Session user agent change detection

More info at https://www.silverstripe.org/download/security-releases/ss-2017-006/...

7.2 AI score
Exploits: 0 | Affected Software: 1
CVE
added 2016/12/11 2:0 a.m., 72 views

CVE-2016-6625

Summary: CVE-2016-6625 affects phpMyAdmin. An information-disclosure vulnerability allows an attacker to determine whether a user is logged in to phpMyAdmin. Affected versions are all 4.6.x before 4.6.4, 4.4.x before 4.4.15.8, and 4.0.x before 4.0.10.17. The disclosure does not expose the user’s ...

4.3 CVSS | 6.3 AI score | 0.00275 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2014/06/03 12:0 a.m., 15 views

OpenVPN client session setup detection

Binary data 3541.prm...

7.3 AI score
Exploits: 0
Kitploit
added 2013/01/29 12:36 a.m., 9 views

[NetShareMonitor] Network File Share Monitoring Software

Net Share Monitor is the free software to Monitor your Shared Files from unknown users in the network. Whenever any remote user accesses your Shared Files, NetShareMonitor alerts you by blinking the icon in the systray or making the alert sound. For each connection, it shows the IP address,...

7.5 AI score
Exploits: 0
Exploit DB
added 2009/01/12 12:0 a.m., 42 views

Simple Machines Forum (SMF) 1.0.13/1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass

!/usr/bin/perl use LWP::UserAgent; use Getopt::Std; use LWP::Simple; use HTTP::Request; Author: Xianur0 Uxmal666atgmail.com Cracks links Password Recovery Find Temporary Files executed by mods DB function Flood by Error Log File Path Disclosure List installed Mods Useful To Find Mods Vulnerable...

7.4 AI score
Exploits: 0