36 matches found
CVE-2026-24894 FrankenPHP leaks session data between requests in worker mode
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $_SESSION data of the previous request potential...
Insufficient Session Expiration
Overview: Affected versions of this package are vulnerable to Insufficient Session Expiration via the frankenphpresetsuperglobals reset logic. An attacker can access sensitive session data belonging to other users by sending a request to a worker before session_start is called. Note: This is only...
EUVD-2014-3711
Malware in sbrugna...
EUVD-2007-3783
Malware in sbrugna...
CVE-2024-10158
A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0. Affected is the function session_start. The manipulation leads to session fixation. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...
CVE-2024-10158 PHPGurukul Boat Booking System session_start session fixation
A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0. Affected is the function session_start. The manipulation leads to session fixation. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...
CVE-2024-10158
CVE-2024-10158 affects PHPGurukul Boat Booking System 1.0. The vulnerability is linked to the session_start function, enabling session fixation. Exploitation is described as possible remotely, and public disclosures of the exploit are noted in the connected documents. The issue is documented acro...
Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://github.com/mrzulkarnine/Web-based-hotel-booking-system Software Link:...
InfraPower PPS-02-S Q213V1 - Authentication Bypass
InfraPower PPS-02-S Q213V1 - Authentication Bypass InfraPower PPS-02-S Q213V1 Authentication Bypass Vulnerability Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary:...
InfraPower PPS-02-S Q213V1 - Authentication Bypass
InfraPower PPS-02-S Q213V1 Authentication Bypass Vulnerability Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary: InfraPower Manager PPS-02-S is a FREE built-in GUI ...
CVE-2014-3772
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php...
Ignition 1.3 (comment.php) Local File Inclusion Vulnerability
No description provided by source. Ignition 1.3 === Local File Include By n0n0x Homepage: http://priasantai.uni.cc/ Download script :http://launchpad.net/ignition/trunk/1.3/+download/ignition-1.3.tar.gz ========================================= xpl :...
Ignition 1.3 (page.php) Local File Inclusion Vulnerability
No description provided by source. Ignition 1.3 page Local File Inclusion Vulnerability disclosed by cOndemned download: http://launchpad.net/ignition/trunk/1.3/+download/ignition-1.3.tar.gz note: 1. magic_quotes_gpc should be turned off in order to exploit this vulnerability 2. LFI bugs found by m...
Concrete CMS: CONCRETE5 - path disclosure.
Hi, When you empty the cookie CONCRETE5 it will throw the following error on the page : Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/c5host/msmversions/012312/concrete/startup/session.php on line 22...
Quick.Cart 5.0 Information Disclosure
TITLE: Information disclosure in Quick.Cartv5.0. DATE: 18.03.2012. AUTHOR: http://hauntit.blogspot.com. SOFT LINK: http://http://opensolution.org/. VERSION...
Session fixation
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by...
CVE-2012-0788
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by...
openSite 0.2.2 Beta Local File Inclusion
opensite-v0.2.2-beta === Local File Include vuln By n0n0x Homepage: http://priasantai.uni.cc/ Download script :http://sourceforge.net/projects/contentone/files/openSite/opensite-v0.2.2-beta/opensite-v0.2.2-beta.zip/download ========================================= xpl :...
Wordpress Plugin WP-Syntax <= 0.9.1 Remote Command Execution
No description provided by source. Wordpress plugin WP-Syntax <= 0.9.1 Remote Code Execution. This vulnerability was originally discovered by Raz0r on...
WordPress WP-Syntax 0.9.1 Command Execution
Wordpress plugin WP-Syntax $functions if (is_null($functions)) continue; foreach ($functions as $function) $string = call_user_func_array($function, array($string)); return $string; ... Global variable test_filter is not defined, so...