176 matches found
EUVD-2026-21885
Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...
CVE-2026-5085
Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...
CVE-2026-5085 Solstice::Session versions through 1440 for Perl generates session ids insecurely
Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...
CVE-2026-5085 Solstice::Session versions through 1440 for Perl generates session ids insecurely
Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...
CVE-2026-5085
CVE-2026-5085 affects Solstice::Session (Perl) versions through 1440. The root cause is insecure session ID generation in _generateSessionID (and _generateID in Solstice::Subsession), which uses an MD5 digest seeded by the epoch time, a random hash reference, the built-in rand() (seeded with 16 b...
CVE-2026-5085
Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...
Solstice::Session 安全漏洞
Solstice::Session is a server-side session component developed by MCRAWFOR’s developers, used to manage user sessions and request states. Versions of Solstice::Session prior to 1440 contained security vulnerabilities, which stemmed from insecure session ID generation, potentially allowing attacke...
CVE-2025-66573
Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...
CVE-2025-66573
Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...
CVE-2025-66573
Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...
CVE-2025-66573 Solstice Pod API Session Key Extraction via API Endpoint
Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...
CVE-2025-66573 Solstice Pod API Session Key Extraction via API Endpoint
Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...
CVE-2025-66573
Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...
CVE-2025-66573
Solstice Pod API exposure: Versions 5.5 and 6.2 include an unauthenticated /api/config endpoint that can disclose sensitive live-session data (session key, server version, product details, display name) to any user. This information exposure is documented across multiple sources (NVD/Red Hat/CVE ...
Mersive Solstice Pod API 安全漏洞
The Mersive Solstice Pod API is an application programming interface from Mersive USA. A security vulnerability exists in Mersive Solstice Pod API versions 5.5 and 6.2, which originates from an unauthenticated api/config endpoint that exposes sensitive information, potentially leading to session...
EUVD-1999-1407
Malware in sbrugna...
EUVD-2000-0068
Malware in sbrugna...
EUVD-2020-23250
Malware in sbrugna...
EUVD-2020-20033
Malware in sbrugna...
EUVD-2020-23251
Malware in sbrugna...