805 matches found

OSV
added 2024/11/27 12:15 p.m. · 9 views

CVE-2024-36468

The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session->securityEngineID to local_record.engineid without proper bounds checking...

CVSS 8.2 · AI score 7.1
Exploits 0 · References 1

Veracode
added 2024/11/21 11:55 a.m. · 10 views

Incorrect Object Recycling And Re-use

Apache Tomcat is vulnerable to Incorrect object recycling and re-use. The vulnerability is due to flawed object recycling logic in Apache Tomcat's HTTP/2 implementation. Specifically, the request and response objects are not properly cleared or segregated before being reused, allowing data from o...

CVSS 6.5 · AI score 6.4 · EPSS 0.21066
Exploits 1 · References 7 · Affected Software 2

Veracode
added 2024/11/19 8:41 a.m. · 6 views

Cross-site Scripting (XSS)

firebase is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of the "FIREBASE_DEFAULTS" cookie, which allows attackers to manipulate the "_authTokenSyncURL" field and redirect user session data to a malicious server...

CVSS 6.1 · AI score 6.3 · EPSS 0.00107
Exploits 0 · References 4 · Affected Software 1

OSV
added 2024/11/18 11:15 a.m. · 2 views

CVE-2024-11023

Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. If this cookie field is preset by an attacker through any other method, the attacker can manipulate the "_authTokenSyncURL" to point to thei...

CVSS 6.1 · AI score 7
Exploits 0 · References 2

CVE
added 2024/11/18 10:19 a.m. · 55 views

CVE-2024-11023

Firebase JavaScript SDK stores configuration data in a FIREBASE_DEFAULTS cookie, including an _authTokenSyncURL field. Connected sources describe that if an attacker can preset or modify this cookie, they can redirect the token sync URL to a malicious server and capture user session data transmit...

CVSS 6.1 · AI score 5.2 · EPSS 0.00107
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/11/18 12:00 a.m. · 3 views

PT-2024-16712 · Google · Firebase Javascript Sdk

Name of the Vulnerable Software and Affected Versions: Firebase JavaScript SDK versions prior to 10.9.0 Description: The Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. If this cook...

CVSS 6.1 · AI score 6.2 · EPSS 0.00107
Exploits 0 · References 17

CNNVD
added 2024/11/18 12:00 a.m. · 2 views

Google Firebase Js Sdk security vulnerability

Google Firebase Js Sdk is a client-side codebase for connecting to Firebase back-end services from Google, Inc. (USA). A security vulnerability exists in Google Firebase Js Sdk that stems from the use of a cookie named FIREBASE_DEFAULTS to store configuration data, which allows an attacker to capture...

CVSS 6.1 · AI score 6.3 · EPSS 0.00107
Exploits 0 · References 2

Nextcloud
added 2024/11/15 1:07 p.m. · 13 views

User password is available in memory of the PHP process

None...

CVSS 7.5 · AI score 5.1 · EPSS 0.0074
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2024/11/15 12:00 a.m. · 2 views

Nextcloud security vulnerability

Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform from Nextcloud (Germany). Nextcloud suffers from a security vulnerability that stems from the fact that under certain circumstances, a user's password is stored in session data in a...

CVSS 7.5 · AI score 6.4 · EPSS 0.0074
Exploits 0 · References 3

Hacker One
added 2024/11/10 2:56 p.m. · 5 views

Remitly: [CRITICAL] 0-Click Account Takeover via Password Reset [AUTH-3243] /orchestrator/v1/password_reset/start

The vulnerability discovered allows an attacker to reset the password of a victim's account without requiring any user interaction or special privileges. By intercepting the password reset request and modifying it with the victim's session data, the attacker can successfully take over the account...

AI score 7.2
Exploits 0

Positive Technologies
added 2024/10/28 12:00 a.m. · 3 views

PT-2024-9153 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.12, Nextcloud Server versions prior to 29.0.9, Nextcloud Server versions prior to 30.0.2 Description: The issue concerns the storage of user passwords in unencrypted form in session data under certain...

CVSS 9.8 · AI score 5.7 · EPSS 0.00824
Exploits 6 · References 95

OSV
added 2024/10/23 12:15 p.m. · 1 view

CVE-2024-10287

Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ForgotPassword, parameter ListName...

CVSS 6.1 · AI score 5.8 · EPSS 0.00106
Exploits 0 · References 1

CNNVD
added 2024/10/23 12:00 a.m. · 2 views

LocalServer cross-site scripting vulnerability

LocalServer is web server software for Windows from the individual developer murdas83. A cross-site scripting vulnerability exists in LocalServer version 1.0.9, which can be exploited to obtain sensitive information from a user session via the "to" parameter on the /testmail/index.php page...

CVSS 6.1 · AI score 5.9 · EPSS 0.00106
Exploits 0 · References 1

CNNVD
added 2024/10/23 12:00 a.m. · 2 views

LocalServer cross-site scripting vulnerability

LocalServer is web server software for Windows from the individual developer murdas83. A cross-site scripting (XSS) vulnerability exists in LocalServer version 1.0.9 that could allow a remote user to send a specially crafted query to an authenticat...

CVSS 6.1 · AI score 5.7 · EPSS 0.00106
Exploits 0 · References 1

CNNVD
added 2024/10/07 12:00 a.m. · 2 views

SOPlanning cross-site scripting vulnerability

SOPlanning is a suite of online project management software from SOPlanning, Inc. A cross-site scripting vulnerability exists in SOPlanning versions prior to 1.45 that stems from improper input validation and allows a remote user to send a specially crafted query to steal session details from...

CVSS 6.3 · AI score 6 · EPSS 0.001
Exploits 0 · References 2

Positive Technologies
added 2024/09/30 12:00 a.m. · 4 views

PT-2024-31479 · Nintendo · Mario Kart 8 Deluxe +1

Name of the Vulnerable Software and Affected Versions: Mario Kart 8 Deluxe versions prior to 3.0.3 Description: The issue is caused by a stack-based buffer overflow in the LAN/LDN local multiplayer implementation, allowing a remote attacker to exploit it upon deserialization of session informatio...

CVSS 6.3 · AI score 8.2 · EPSS 0.0703
Exploits 3 · References 17

OSV
added 2024/09/27 10:15 p.m. · 1 view

CVE-2024-23586

HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 1

Positive Technologies
added 2024/09/27 12:00 a.m. · 3 views

PT-2024-19949 · Hcl · Hcl Nomad

Name of the Vulnerable Software and Affected Versions: HCL Nomad, affected versions not specified Description: The issue is related to insufficient session expiration, which under certain circumstances could allow an unauthenticated attacker to obtain old session information. Recommendations: At t...

CVSS 7.5 · AI score 6.9 · EPSS 0.00377
Exploits 0 · References 5

CNNVD
added 2024/09/27 12:00 a.m. · 3 views

HCL Nomad security vulnerability

HCL Nomad is an application from HCL (USA) for using and managing the Domino application development platform on mobile devices. A security vulnerability exists in HCL Nomad that stems from insufficient session expiration, where an unauthenticated attacker can obtain old session...

CVSS 7.5 · AI score 6.9 · EPSS 0.00377
Exploits 0 · References 2

Positive Technologies
added 2024/09/26 12:00 a.m. · 2 views

PT-2024-31874 · Unknown · Monica Ai Assistant

Name of the Vulnerable Software and Affected Versions: Monica AI Assistant desktop application version 2.3.0 Description: The issue allows an attacker to modify the chatbot's answer with an unloaded image, which can exfiltrate the user's sensitive chat data of the current session to a malicious...

CVSS 4 · AI score 7.2 · EPSS 0.0004
Exploits 0 · References 6