2 matches found
SUSE CVE-2019-15232
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors...
[oCERT-2009-004] AjaxTerm session id collision
2009-004 AjaxTerm session id collision Description: AjaxTerm, an open source web based terminal, uses a form of random session id generation which can lead to remote session hijacking. The ajaxterm.js script allocates session ids on the client side using the following method: var...