CVE-2025-1399

Affected software: libplctag, versions 2.0–2.6.3. The issue is an out-of-bounds read in the unpack_response function (session.c) that can cause an overread of buffers via the network. Root cause is an overread in unpack_response; documents do not specify a fixed patch version. Practical impact is...

PT-2025-20018 · Libplctag · Libplctag

Name of the Vulnerable Software and Affected Versions: libplctag versions 2.0 through 2.6.3 Description: The issue is related to an Out-of-bounds Read in the unpack response function, located in session.c, which allows Overread Buffers via the network. This can be exploited to potentially access...

Claws Mail Protocol Violation Vulnerability

Claws Mail is a free, open source, lightweight, highly configurable, C/GTK+ based email client. A protocol violation vulnerability exists in common/session.c in Claws Mail versions prior to 3.17.6, which stems from mishandling of postfix data after STARTTLS, for which no detailed vulnerability...

CVE-2020-15917

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled...

CVE-2020-15917

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled...

CVE-2020-15917

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled...

F5 Networks BIG-IP : OpenSSH vulnerability (K20911042)

The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

F5 Networks BIG-IP : SSHD session.c vulnerability (K93532943)

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the 1 doauthenticated1 and 2 sessionx11req functions. CVE-2016-3115 C Tenable Network...

CVE-2016-6290

ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...

CVE-2016-6290

ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...

Design/Logic Flaw

The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

CVE-2015-8325

The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

Crlf injection

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the 1 doauthenticated1 and 2 sessionx11req functions...

CVE-2016-3115

OpenSSH CVE-2016-3115 affects sshd in OpenSSH prior to 7.2p2. The vulnerability arises from CRLF injection via crafted X11 forwarding data in session.c (related to do_authenticated1 and session_x11_req), allowing a remote authenticated user to bypass shell-command restrictions. In practice, affec...

PHP Session.Save_Path() Safe_Mode和Open_Basedir限制绕过漏洞

PHP是一款流行的网络编程语言。 PHP在处理会话信息的功能函数实现上存在漏洞，远程攻击者可能利用漏洞获得敏感信息或向非授权位置写入文件。 session.savepath可以设置在iniset, sessionsavepath函数中，在session.savepath必须包含保存tmp文件路径的数据，但session.savepath的语法为： /PATH 或者 N;/PATH N是字符串。 如： 1. sessionsavepath"/DIR/WHERE/YOU/HAVE/ACCESS" 2. sessionsavepath"5;/DIR/WHERE/YOU/HAVE/ACCESS"...