20 matches found
PT-2024-39943 · Nsd570 · Nsd570
Name of the Vulnerable Software and Affected Versions: NSD570 (affected versions not specified). Description: A vulnerability exists in the login panel of NSD570 that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the...
The new session will exit suddenly when the sessions exceed 8 on multisession LVDA
The customer said the new session will exit suddenly when the sessions exceed 8 on multisession LVDA. And if 1 session is logged off, the user can log in successfully...
Exceeding XenAPI Session Limit Causes Pool Instability
XenAPI Session: The session limit of the XenAPI process (XAPI) is 400. When the limit is exceeded, the oldest session is terminated. The oldest session might be active and in use. When the session is terminated, the client using that session gets disconnected without notification. Note: Clients can be...
Denial Of Service (DoS)
github.com/mattermost/mattermost-server is vulnerable to Denial Of Service. The vulnerability is due to a lack of session limit enforcement, enabling an authenticated attacker to crash the server by flooding the sessions table through repeated requests to the getSessions API...
Mattermost fails to limit the number of active sessions
Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table...
CVE-2024-4183
Mattermost server (github.com/mattermost/mattermost-server) is affected by CVE-2024-4183: versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, and 9.4.x before 9.4.5 fail to limit active sessions. An authenticated attacker can crash the server by flooding the sessions table via r...
CVE-2022-25761
Versions of the package open62541/open62541 before 1.2.5, and from 1.3-rc1 and before 1.3.1, are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks, per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an...
ASNeG OPC UA Stack security vulnerability
ASNeG OPC UA Stack is an open source framework by ASNeG (Germany). It is used to develop and distribute OPC UA client/server applications. A security vulnerability exists in ASNeG OPC UA Stack that stems from the lack of a limit on the number of received blocks total number per session ...
python-opcua security vulnerability
python-opcua is an LGPL pure Python OPC-UA client and server from the open source Free OPC-UA Library. A security vulnerability exists in python-opcua that stems from the lack of a limit on the number of blocks received per session or total number of all concurrent sessions...
open62541 security vulnerability
open62541 is application software: an open source and free implementation of OPC UA (OPC Unified Architecture), written in a common subset of the C99 and C++98 languages. A security vulnerability exists in open62541 versions prior to 1.2.5, 1.3-rc1, and 1.3.1, which stems from the lack of a limi...
PT-2022-17497 · Open62541 · Open62541
Name of the Vulnerable Software and Affected Versions: open62541/open62541 versions 1.2.0 through 1.2.4; open62541/open62541 versions 1.3-rc1 through 1.3.0. Description: The issue is related to a Denial of Service (DoS) due to a missing limitation on the number of received chunks per single session o...
PT-2022-4450 · Opcua · Opcua
Name of the Vulnerable Software and Affected Versions: opcua versions 0.0.0 and later. Description: The issue is related to a Denial of Service (DoS) due to a missing limitation on the number of received chunks per single session or in total for all concurrent sessions. An attacker can exploit this ...
Session Limit - Critical - Insecure Session Management - SA-CONTRIB-2018-072
The session limit module enables a site administrator to set a policy around the number of active sessions users of the site may have. This is typically set to one so that you can only be logged in once with the same user account. In one configuration of the module, when a user logs in with anoth...
Application launch using Anonymous user account resets the Session Limit Timer to 10
While launching an application for unauthenticated/Anonymous user, the idle tab for the Anon account might default back to 10 minutes even after manually setting it to some other value. The following steps can be followed to test the behavior: From a VDA running 7.9 or higher, run the below .exe ...
How to Limit One Session Per User on NetScaler Gateway?
This article describes how to limit one session per user on NetScaler Gateway. Use case: An administrator wants to ensure that at any point in time a given user can only have one active session with NetScaler Gateway. Administrators can use a session policy or the global NetScaler Gateway settings...
Oracle Password Auditor - Oracle Password Recovery & Auditing Tool
Oracle Password Auditor is the FREE Oracle database password recovery and auditing software. It not only helps you to recover lost or forgotten Oracle database passwords but also audits the Oracle database setup in a corporate environment by discovering the weak password configurations. During auditin...
Flash cross-domain data hijacking vulnerability, a large wave of sites affected - vulnerability warning - the black bar safety net
0x01, Background: Many back-end implementations of file upload logic validate only the file extension and Content-Type, and do not verify the contents of the uploaded file. Typically such processing logic is merely not rigorous and will not cause too much of a security risk. But...
Openfire: Denial of service
Background: Openfire (formerly Wildfire) is a Java implementation of a complete Jabber server. Description: Openfire's connection manager in the file ConnectionManagerImpl.java cannot handle clients that fail to read messages, and has no limit on their session's send buffer. Impact: Remote authenticat...
Microsoft Windows Server 2000 - RunAs Service Denial of Service
// source: https://www.securityfocus.com/bid/3291/info The Windows 2000 RunAs service allows an application or service to be executed as a different user. It is accessed by holding down the shift key and right mouse clicking on an icon, then selecting 'Run as...' from the context menu. When the...
DoS against Citrix MetaFrame (session request flood)
The server does not allow more than 52 sessions to be established simultaneously...