
119 matches found

NVD
added last week, 6 views

CVE-2026-45306

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storagefolder inside PKGDIR or userdir, but does NOT protect the Flask session directory /tmp/pyLoad/flask. An authenticated attacker can set storagefolder to...

CVSS 6.5, EPSS 0.00037
Exploits: 0, References: 1
Cvelist
added last week, 21 views

CVE-2026-45306 pyLoad: Incomplete Fix for CVE-2026-33509 -storage_folder Bypass via Session Directory

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storagefolder inside PKGDIR or userdir, but does NOT protect the Flask session directory /tmp/pyLoad/flask. An authenticated attacker can set storagefolder to...

CVSS 6.5, EPSS 0.00037
Exploits: 0, References: 1
GithubExploit
added 2026/05/02 6:18 a.m., 93 views

Exploit for Missing Authentication for Critical Function in Cpanel

IOC Check Sessions Files Overview iocchecksessionsfile...

CVSS 9.8, AI score 5.8, EPSS 0.90762
Exploits: 59
NCSC
added 2026/04/30 8:0 a.m., 2 views

Vulnerability handling functions in cPanel and WHM

cPanel has identified a vulnerability in its cPanel and WHM products, including versions after 11.40 and before the specific patched releases. The vulnerability involves an authentication bypass that occurs due to the injection of CRLF characters in session files, allowing attackers to impersonat...

CVSS 9.8, AI score 6, EPSS 0.90762
Exploits: 59, References: 1
Positive Technologies
added 2026/04/28 12:0 a.m., 1 view

PT-2026-35811

Name of the Vulnerable Software and Affected Versions GRASSMARLIN versions prior to 3.2.1 GRASSMARLIN version 3.2.1 Description Improper handling of XML input occurs due to insufficient hardening of the XML parsing process. This allows crafted session data, specifically within session files .gm3,...

CVSS 5.5, AI score 5.4, EPSS 0.00006
Exploits: 1, References: 14
Snyk
added 2026/04/04 6:43 a.m., 2 views

Incorrect Authorization

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Incorrect Authorization via the storagefolder configuration option, which allows a user with SETTINGS and ADD permissions to redirect downloads to the Flask...

CVSS 8.8, AI score 6.3, EPSS 0.00113
Exploits: 2, References: 3
OSV
added 2026/03/23 3:38 p.m., 3 views

MAL-2026-2118 Malicious code in hash-utils-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4177b7c46ecbfa35116b35a2a491107d0514cd6551a447b7213ef6e097172939 During importing the module, the code attempts to exfiltrate sensitive Telegram's client session files. --- Category: MALICIOUS - The campaign has clearly...

AI score 5.9
Exploits: 0, References: 1
NVD
added 2026/03/05 10:16 p.m., 4 views

CVE-2026-28482

OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to...

CVSS 8.4, EPSS 0.00043
Exploits: 0, References: 4
OSSF Malicious Packages
added 2026/02/27 7:50 p.m., 3 views

Malicious code in hashtools32 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 689514b83cd6496b0a4213d26325e73cd2c4f0e19128b969d19797bcdd4b131d During import, the package attempts to exfiltrate sensitive Telegram session files --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

AI score 6
Exploits: 0, References: 1
OSV
added 2026/02/27 7:50 p.m., 3 views

MAL-2026-1080 Malicious code in hashtools32 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 689514b83cd6496b0a4213d26325e73cd2c4f0e19128b969d19797bcdd4b131d During import, the package attempts to exfiltrate sensitive Telegram session files --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

AI score 6
Exploits: 0, References: 1
Veracode
added 2026/02/20 9:33 a.m., 2 views

Unsafe Deserialization

Scapy is vulnerable to unsafe deserialization. The vulnerability is due to insecure handling of serialized session files, which allows an attacker to execute arbitrary code by tricking a user into loading a malicious session file via the -s option...

AI score 6.3
Exploits: 0
RedhatCVE
added 2026/01/09 10:7 a.m., 4 views

CVE-2019-20047

An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded...

CVSS 7.5, AI score 7, EPSS 0.02505
Exploits: 1, References: 1
OSSF Malicious Packages
added 2025/12/29 10:4 a.m., 4 views

Malicious code in smtmlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e871336d0effe99cb62efeda3a287186e75c1bd4ca5770efd81718db8ababe4e Malicious copy of a standard library module that during class initialization downloads and executes remote code and after that attempts to cover its tracks by...

AI score 7.6
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-10603

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.02505
Exploits: 1, References: 5
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-1694

Malware in sbrugna...

CVSS 4.7, AI score 4.6, EPSS 0.00032
Exploits: 0, References: 11
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2007-1641

Malware in sbrugna...

CVSS 7.8, AI score 6.4, EPSS 0.06088
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2018-13452

Malware in sbrugna...

CVSS 7.3, AI score 7.5, EPSS 0.00493
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2004-1422

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.00539
Exploits: 1, References: 5
EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2007-0666

Malware in sbrugna...

CVSS 4.6, AI score 6.4, EPSS 0.00128
Exploits: 0, References: 10
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-0183

Malware in sbrugna...

CVSS 2.1, AI score 5.3, EPSS 0.00075
Exploits: 0, References: 8