Cross-Site Request Forgery (CSRF)
codeigniter4/shield is vulnerable to cross-site request forgery. The vulnerability exists in the startLogin function of Session.php, allowing same-site attackers to bypass the CSRF protection mechanism and redirect to malicious URLs such as https://a.example.com/ and http://example.com/ when the...
Insufficient Session Expiration
admidio/admidio is vulnerable to insecure session management. The vulnerability exists due to insufficient sanitization in session expiration in the refreshAutoLogin function in the Session.php file leading to user account compromise...
anopex.org XSS vulnerability
Open Bug Bounty ID: OBB-596383. Affected Website: anopex.org; Open Bug Bounty Program: Create your bounty program now. It's open and free; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
CVE-2017-15194
include/globalsession.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page...
Seagate Business NAS 2014.00319 system/libraries/Session.php Code Execution
No description provided by source...
LetterIt 2.0 - (inc/session.php) Remote File Include Vulnerability
Vulnerable software: LetterIt 2.0. Download: http://sourceforge.net/projects/letterit.berlios/ Vulnerability type: RFI (remote file inclusion). Software description: LetterIt 2.0 is a web-based mailing list manager that is simple to install and supports multiple languages. It can send HTML or plain-text messages with attachments to a given mailing list via PHP Mail, sendmail, qmail, SMTP or pickup mode (on Windows). Vulnerability analysis: this remote file inclusion vulnerability is located in the "inc/session.php" file of LetterIt 2.0. Vulnerable code:...
Wheatblog <= 1.1 (session.php) Remote File Include Vulnerability
No description provided by source. Aria-Security.net Advisory Discovered by: O.U.T.L.A.W www.Aria-security.net Gr33t to: A.u.r.a & l2odon & DrtRp & Sh3ll <?php include_once $wbclassdir/classDatabase.php; function StartSession global $sessiondir; if $sessiondir != '' session_save_path $sessiondir; if !...
Concrete CMS 5.5.2.1 Information Disclosure
TITLE ....... Concrete5.5.2.1 CMS information disclosure bug DATE ........ 22.04.2012 AUTHOR ...... http://hauntit.blogspot.com SOFT LINK ... http://www.concrete5.org/ VERSION ..... 5.5.2.1 TESTED ON ... LAMP ----------------------------------------------------------------------- 1. What is this?...
SQL injection
SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are obtained from third party information...
glFusion lib-session.php Module SQL Injection Vulnerability
BUGTRAQ ID: 34361 CVE(CAN) ID: CVE-2009-1282, CVE-2009-1283 glFusion is an open-source content management system. The private/system/lib-session.php module of glFusion does not properly filter the user-supplied glfsession cookie parameter; a remote attacker can perform a SQL injection attack by submitting a malicious request to the server. The vulnerable code segment from lines 97-117 of /private/system/lib-session.php follows: ... if (isset($_COOKIE[$_CONF['cookie_session']])) { $sessid = COM_applyFilt...
PHP DB Designer <= 1.02 Remote File Include Vulnerabilities
Exploit for unknown platform in category web applications =========================================================== PHP DB Designer = 1.02 Remote File Include Vulnerabilities =========================================================== PHP DB Designer = 1.02 Remote File Include Exploit D.Script:...
LetterIt v2 (inc/session.php) Remote File Include Vulnerability
No description provided by source. ================================================================================== LetterIt RFI ================================================================================== Info:- Scripts: LetterIt download : http://otterware.net/index.php?dl=45 Version : ...
LetterIt v2 (inc/session.php) Remote File Include Vulnerability
================================================================================== LetterIt RFI ================================================================================== Info:- Scripts: LetterIt download : http://otterware.net/index.php?dl=45 Version : 2 Dork & vuln : download scripts an...
LetterIt v2 (inc/session.php) Remote File Include Vulnerability
Exploit for unknown platform in category web applications =============================================================== LetterIt v2 inc/session.php Remote File Include Vulnerability ===============================================================...
vBlog C12 0.1 - cfgProgDir Remote File Inclusion
vBlog C12 0.1 - cfgProgDir Remote File Inclusion WwW.Deltahacking.NeT Priv8 Site WwW.Deltahacking.Ir Public Site Portal Name :Vortex Blog AKA vBlog Class = Remote File Inclusion ; Download =http://switch.dl.sourceforge.net/sourceforge/c12/C12a0.1nonfunc.zip Found by = Dr.Pantagon...
vBlog / C12 0.1 (cfgProgDir) Remote File Include Vulnerabilities
Exploit for unknown platform in category web applications ================================================================ vBlog / C12 0.1 cfgProgDir Remote File Include Vulnerabilities ================================================================ Portal Name :Vortex Blog AKA vBlog Class =...
vBlog / C12 0.1 (cfgProgDir) Remote File Include Vulnerabilities
WwW.Deltahacking.NeT Priv8 Site WwW.Deltahacking.Ir Public Site Portal Name :Vortex Blog AKA vBlog Class = Remote File Inclusion ; Download =http://switch.dl.sourceforge.net/sourceforge/c12/C12a0.1nonfunc.zip Found by = Dr.Pantagon [email protected]...
CVE-2006-5262
CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary IMAP commands via a CRLF sequence in a mailbox name. NOTE: the attack crosses privilege boundaries if the IMAP server configuration prevents a user from...
CVE-2006-5262
The CVE-2006-5262 entry describes a CRLF injection in Hastymail 1.5 and earlier (before 20061008) affecting lib/session.php. Remote authenticated users can craft a mailbox name containing CRLF to send arbitrary IMAP commands; the attack may cross privilege boundaries if the IMAP server is configu...
Wheatblog 1.1 - session.php Remote File Inclusion
Wheatblog 1.1 - session.php Remote File Inclusion Aria-Security.net Advisory Discovered by: O.U.T.L.A.W Gr33t to: A.u.r.a & l2odon & DrtRp & Sh3ll db != 'resource' touchDatabaseSession; Proof of Concept: server/includes/session.php?wbclassdir=SHELL Contact : [email protected] milw0rm.com...