
22 matches found

GithubExploit
added 2026/05/01 12:17 a.m., 87 views

Exploit for Missing Authentication for Critical Function in Cpanel


CVSS 9.8, AI score 5.9, EPSS 0.90762
Exploits: 59
CNNVD
added 2026/03/31 12:00 a.m., 2 views

PAGI::Middleware::Session::Store::Cookie security vulnerability

PAGI::Middleware::Session::Store::Cookie is a middleware component developed by JJNAPIORK, designed to store session data using cookies. Versions of PAGI::Middleware::Session::Store::Cookie 0.001003 and earlier contain security vulnerabilities. These vulnerabilities stem from the insecure...

CVSS 7.5, AI score 5.8, EPSS 0.00042
Exploits: 0, References: 3
EUVD
added 2025/11/19 3:31 p.m., 1 view

EUVD-2024-55098

Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions...

CVSS 8.6, AI score 6.4, EPSS 0.0003
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2013-2031

Malware in sbrugna...

CVSS 7.5, AI score 7.8, EPSS 0.0016
Exploits: 0, References: 3
Vulnrichment
added 2025/08/29 9:05 p.m., 1 view

CVE-2025-58067 Basecamp's Google Sign-In for Rails allowed redirects to protocol-relative URI

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...

CVSS 4.2, AI score 5.9, EPSS 0.00059
Exploits: 0, References: 4
SUSE CVE
added 2024/11/02 3:50 a.m., 2 views

SUSE CVE-2024-47616

Pomerium is an identity- and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token (JWT) signed by a key known by all Pomerium servic...

CVSS 6.8, AI score 6.7, EPSS 0.00068
Exploits: 0, References: 5
CNNVD
added 2022/01/13 12:00 a.m., 2 views

Zabbix security vulnerability

Zabbix is an open source monitoring system from the Latvian company Zabbix SIA. The system supports network monitoring, server monitoring, cloud monitoring, application monitoring, etc. A security vulnerability exists in Zabbix Frontend, which stems from the fact that wi...

CVSS 9.8, AI score 5.7, EPSS 0.94045
Exploits: 8, References: 4
ATTACKERKB
added 2021/12/07 9:15 p.m., 1 view

CVE-2021-28680

The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise without this extension is used. If the...

CVSS 8.1, AI score 5.6, EPSS 0.00255
Exploits: 1, References: 3
OpenVAS
added 2021/09/16 12:00 a.m., 21 views

Apache Struts Security Update (CVE-2011-5057)

Apache Struts is prone to a session tampering vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software;...

CVSS 5, AI score 9.6, EPSS 0.52912
Exploits: 0, References: 3
CNVD
added 2021/07/01 12:00 a.m., 8 views

Unspecified vulnerability in Ratpack (CNVD-2021-52413)

Ratpack is a Java library for building scalable HTTP applications. A security vulnerability exists in Ratpack versions prior to 1.9.0, which stems from the client-side session module defaulting to using the application startup time as the signing key, and can be exploited by an attacker to tamper...

CVSS 4.4, AI score 6.7, EPSS 0.00089
Exploits: 0, References: 1
WPVulnDB
added 2021/06/30 12:00 a.m., 19 views

YITH Request a Quote for WooCommerce < 1.6.4 - Unauthorised AJAX call via CSRF

The ajax method did not properly check for CSRF, allowing attackers to make users call the ajaxadditem, ajaxremoveitem or ajaxvariationexist actions, which will tamper with their session quote. PoC: POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, */*; q=0.01...

AI score 2.2
Exploits: 0, Affected Software: 1
NVD
added 2021/06/29 7:15 p.m., 9 views

CVE-2021-29480

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used which is recommended, but is n...

CVSS 4.4, EPSS 0.00089
Exploits: 0, References: 2
OSV
added 2021/04/22 8:15 p.m., 1 view

CVE-2021-0269

The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authenticated to J-Web. An attacker may be able to supersede existing parameters, including hardcoded...

CVSS 8.8, AI score 5.7, EPSS 0.00375
Exploits: 0, References: 1
Veracode
added 2020/10/16 5:48 a.m., 23 views

Insecure Session Management

cfme2 uses insecure session management. An attacker is able to perform session tampering attacks using the secret in the static secret_token.rb...

CVSS 7.5, AI score 2.4, EPSS 0.0016
Exploits: 0, References: 4, Affected Software: 61
Vulnerability Lab
added 2018/07/23 12:00 a.m., 568 views

Jira - Insufficient Session Validation Web Vulnerability

Document Title: Jira - Insufficient Session Validation Web Vulnerability. References: https://www.vulnerability-lab.com/getcontent.php?id=1970. Video: https://www.youtube.com/watch?v=fCN5EaPiDrk. Release Date: 2018-07-23. Vulnerability Laboratory ID (VL-ID):...

AI score 0.2
Exploits: 0
Prion
added 2018/05/01 7:29 p.m., 13 views

Code injection

Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret...

CVSS 5, AI score 7.2, EPSS 0.0016
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2018/05/01 7:29 p.m., 15 views

CVE-2013-2049

Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret...

CVSS 7.5, AI score 7.6, EPSS 0.0016
Exploits: 0, References: 1
Cvelist
added 2018/05/01 7:00 p.m., 16 views

CVE-2013-2049

Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret...

AI score 7.5, EPSS 0.0016
Exploits: 0, References: 1
CVE
added 2018/05/01 7:00 p.m., 49 views

CVE-2013-2049

CFME/Red Hat CloudForms 2 Management Engine is affected by a vulnerability caused by a static secret_token.rb secret, enabling remote attackers to tamper with sessions. Based on the provided sources, the impact is on session integrity (high for CVSS3) with network access and no authentication; CVSS2/3 base s...

CVSS 7.5, AI score 7.5, EPSS 0.0016
Exploits: 0, References: 1, Affected Software: 1
RedHat Linux
added 2013/10/31 2:18 p.m., 1 view

2: static secret_token.rb value

Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret...

CVSS 7.5, AI score 7.2, EPSS 0.0016
Exploits: 0, References: 6