15 matches found
Exploit for Missing Authentication for Critical Function in Cpanel
CVE-2026-41940 ⚠ This tool is created solely for education...
CVE-2025-59841 FlagForgeCTF's Improper Session Handling Allows Access After Logout
Flag Forge is a Capture The Flag CTF platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation. Authenticated users can continue to access protected endpoints, such as /api/profile, even after logging out. CSRF tokens are also still...
CVE-2025-59841
Flag Forge CT F’s CVE-2025-59841 describes a flaw in session invalidation for versions 2.2.0 through 2.3.0, allowing authenticated users to access protected endpoints (e.g., /api/profile) after logout and leaving CSRF tokens valid post-logout. The issue is mitigated by upgrading to version 2.3.1,...
CVE-2025-57278
The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800B10ALKSLV01.01.02P42U1406 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants access to any other client using that same IP, without requiring credentials or...
CVE-2025-57278
The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800B10ALKSLV01.01.02P42U1406 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants access to any other client using that same IP, without requiring credentials or...
PT-2025-36919
Name of the Vulnerable Software and Affected Versions: LB-Link BL-CPE300M AX300 4G LTE Router version BL-R8800 B10 ALK SL V01.01.02P42U14 06 Description: The LB-Link BL-CPE300M AX300 4G LTE Router does not implement proper session handling. After a user authenticates from a specific IP address, t...
LB-Link BL-CPE300M AX300 4G LTE Router 安全漏洞
LB-Link BL-CPE300M AX300 4G LTE Router is a router from China Bilink LB-Link. A security vulnerability exists in the LB-Link BL-CPE300M AX300 4G LTE Router that stems from improper session handling, which could lead to authentication bypass...
CVE-2025-57278
The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800B10ALKSLV01.01.02P42U1406 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants access to any other client using that same IP, without requiring credentials or...
Exposure of Data Element to Wrong Session
Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to the improper handling of user session states. An attacker can escalate privileges and perform...
TP-Link TL-WR840N and TL-WR841N Authentication Bypass Vulnerability
TP-Link TL-WR840N and TL-WR841N are both wireless router products from China P&L TP-LINK. A security vulnerability exists in the TP-Link TL-WR840N and TL-WR841N, which originates from the program failing to properly handle sessions. An attacker can exploit the vulnerability to perform arbitrary...
DEBIAN-CVE-2014-8124
OpenStack Dashboard Horizon before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page...
RedHat Security Advisory RHSA-2009:0057
The remote host is missing updates announced in advisory RHSA-2009:0057. SquirrelMail is an easy-to-configure, standards-based, webmail package written in PHP. It includes built-in PHP support for the IMAP and SMTP protocols, and pure HTML 4.0 page-rendering with no JavaScript required for maximu...
RedHat Security Advisory RHSA-2009:0057
The remote host is missing updates announced in advisory RHSA-2009:0057. SquirrelMail is an easy-to-configure, standards-based, webmail package written in PHP. It includes built-in PHP support for the IMAP and SMTP protocols, and pure HTML 4.0 page-rendering with no JavaScript required for maximu...
RHEL 3 / 4 / 5 : squirrelmail (RHSA-2009:0057)
An updated squirrelmail package that fixes a security issue is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. SquirrelMail is an easy-to-configure, standards-based, webmail package writte...
phpBB <= 2.0.12 Multiple Vulnerabilities
The remote host is running a version of phpBB that suffers from a session handling flaw allowing a remote attacker to gain access to any account, including that of an administrator. Also, there is a path disclosure bug in 'viewtopic.php' that can be exploited by a remote attacker to reveal...