18 matches found
CVE-2026-42626
HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 JetDirect/RAW printing. An unauthenticated remote attacker on the same network can establish a persistent connection to port 9100 and send keep-alive packets, causing the printer's...
Missing Authentication For Critical Function
Sliver is vulnerable to Missing Authentication For Critical Function. The vulnerability is due to the DNS C2 listener allocating server-side sessions without validating TOTP values and lacking session cleanup, which allows an attacker to create excessive sessions and exhaust server memory...
CVE-2021-4467
Positive Technologies MaxPatrol 8 and XSpider contain a remote denial-of-service vulnerability in the client communication service on TCP port 2002. The service generates a new session identifier for each incoming connection without adequately limiting concurrent requests. An unauthenticated remo...
CVE-2021-4467 Positive Technologies MaxPatrol 8 & XSpider Remote DoS
Positive Technologies MaxPatrol 8 and XSpider contain a remote denial-of-service vulnerability in the client communication service on TCP port 2002. The service generates a new session identifier for each incoming connection without adequately limiting concurrent requests. An unauthenticated remo...
CVE-2021-4467
CVE-2021-4467 affects Positive Technologies MaxPatrol 8 and XSpider, where the client communication service listening on TCP port 2002 accepts new session IDs per connection without adequately throttling concurrent requests. An unauthenticated attacker could issue repeated HTTPS requests to cause...
EUVD-2008-4524
Malware in sbrugna...
CVE-2025-58473
An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions of the Click...
CVE-2025-48462 Login Session Exhaustion
Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product...
CVE-2025-48462
CVE-2025-48462 describes a login session exhaustion vulnerability that could allow an attacker to consume all available session slots, blocking legitimate users from logging in (impact described as denial of service). Supported by connected sources: for Apache HTTP Server (PT-2025-26676) the affe...
Advantech多款产品 安全漏洞
The Advantech WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN are all industrial automation controllers from Advantech of Taiwan, China. A denial of service vulnerability exists in multiple Advantech products, which can be exploited by attackers to cause a denial of service...
F5 BigIP Access Policy Manager Session Exhaustion Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BigIP Access Policy Manager Session Exhaustion Denial of Service', 'Description' = %q This module exploits a resource exhaustion denial of...
python-django: Denial-of-service possibility in logout() view by filling session store
It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.loginrequired. A remote attacker could use this flaw to fill up the...
F5 BigIP Access Policy Manager Session Exhaustion Denial of Service
This module exploits a resource exhaustion denial of service in F5 BigIP devices. An unauthenticated attacker can establish multiple connections with BigIP Access Policy Manager APM and exhaust all available sessions defined in customer license. In the first step of the BigIP APM negotiation the...
Cisco Unity多个远程安全漏洞
BUGTRAQ ID: 31642 CVECAN ID: CVE-2008-4545,CVE-2008-4544,CVE-2008-4543,CVE-2008-4542 Cisco Unity是一个语音和统一的消息平台。 Cisco Unity中存在多个安全漏洞,可能允许恶意用户泄露敏感信息、导致拒绝服务或注入恶意脚本。 1 Cisco Unity中存在跨站脚本漏洞,远程攻击者可以向数据库提供恶意数据,当下一次管理员登录并访问依赖于存储信息的页面时,就可以执行跨站脚本。 2...
CVE-2008-4543
Cisco Unity 4.x before 4.21ES161, 5.x before 5.01ES53, and 7.x before 7.02ES8, when using anonymous authentication aka native Unity authentication, allows remote attackers to cause a denial of service session exhaustion via a large number of connections...
CVE-2008-4543
Cisco Unity 4.x before 4.21ES161, 5.x before 5.01ES53, and 7.x before 7.02ES8, when using anonymous authentication aka native Unity authentication, allows remote attackers to cause a denial of service session exhaustion via a large number of connections...
CVE-2008-4543
Cisco Unity 4.x before 4.21ES161, 5.x before 5.01ES53, and 7.x before 7.02ES8, when using anonymous authentication aka native Unity authentication, allows remote attackers to cause a denial of service session exhaustion via a large number of connections...
CVE-2008-4543
Cisco Unity in 4.x (before 4.2(1)ES161), 5.x (before 5.0(1)ES53), and 7.x (before 7.0(2)ES8) is affected when using anonymous/native Unity authentication. A remote attacker can cause a denial of service by exhausting sessions via a large number of connections. Root cause is an authentication/conf...