6 matches found
Deserialization of untrusted data
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's application does not use Ratpack's session...
CVE-2020-6291
SAP Disclosure Management, version 10.1: the session mechanism does not have expiration data set and therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration...
Session fixation
SAP Disclosure Management, version 10.1: the session mechanism does not have expiration data set and therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration...
CVE-2020-6291
SAP Disclosure Management, version 10.1: the session mechanism does not have expiration data set and therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration...
Web Application Security: PHP SuperGlobal Variables are vulnerable to Hackers
Hackers are focusing on vulnerabilities in the PHP web application development platform, threatening 80% of websites in the world, including many big websites such as Facebook and Wikipedia. PHP has several predefined variables that are called SuperGlobals, e.g. POST, GET, COOKIES, FILES, etc. Imperva...
CVE-2006-5862
Directory traversal vulnerability in the session mechanism of the web interface for Network Administration Visualized (NAV) before 3.1.1 allows attackers with filesystem write access to have an unknown impact via unknown attack vectors...