5 matches found
SenseLive X3050 代码问题漏洞
The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a code vulnerability that stems from improper execution of the Web management interface’s session lifecycle. This issue allows authenticated...
Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service
Summary The DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when EnforceOTP is enabled. Because sessions are stored without a cleanup/expiry path in this flow, an unauthenticated remote actor can repeatedly...
CVE-2023-40174
Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. Soci...
social-media-skeleton 代码问题漏洞
social-media-skeleton is an unfinished social media project implemented in php, css, javascript and html by the individual developer fobybus. A code issue vulnerability exists in social-media-skeleton versions prior to 1.0.5, which stems from not properly limiting the lifecycle of a user's sessio...
PT-2025-49654
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s CIFS implementation related to session state handling during reconnection attempts. Specifically, the issue involves not properly releasing exiting...