
8 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 1 view

Astra Linux - vulnerability in xrdp

xrdp is an open-source Remote Desktop Protocol (RDP) server. In versions prior to 0.9.23, improper handling of session establishment errors allowed bypassing OS-level session restrictions. The authstartsession function could return a non-zero value (1) in the event of, for example, PAM errors. This...

6.5 CVSS | 6.5 AI score | 0.00058 EPSS
Exploits: 0 | References: 2
Snyk
added 2026/01/05 7:43 p.m. | 1 view

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the startSessionHandler function. An attacker can cause excessive memory consumption and crash the server by sending unauthenticated HTTP requests with a specially crafted nonce a...

6.9 CVSS | 7.1 AI score
Exploits: 0 | References: 3
Snyk
added 2026/01/05 7:43 p.m. | 1 view

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the startSessionHandler function. An attacker can cause excessive memory consumption and crash the server by sending unauthenticated HTTP requests with a specially crafted nonce a...

6.9 CVSS | 7.1 AI score
Exploits: 0 | References: 3
Snyk
added 2026/01/05 7:43 p.m. | 1 view

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the startSessionHandler function. An attacker can cause excessive memory consumption and crash the server by sending unauthenticated HTTP requests with a specially crafted nonce a...

6.9 CVSS | 7.1 AI score
Exploits: 0 | References: 3
OSV
added 2026/01/05 7:43 p.m. | 1 view

GHSA-HJR9-WJ7V-7HV8 Sliver Vulnerable to Pre-Auth Memory Exhaustion via NoEncoder Bypass

Summary: A specially crafted nonce routes unauthenticated requests through the NoEncoder path, where startSessionHandler reads the entire request body without limits, allowing attacker-driven memory exhaustion and process crash. Details: server/encoders/encoders.go: EncoderFromNonce returns...

6.9 CVSS | 6.8 AI score
Exploits: 0 | References: 2
VulnCheck KEV
added 2025/06/08 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2020-29390

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...

10 CVSS | 5.9 AI score | 0.90592 EPSS
Exploits: 1 | References: 1
CNNVD
added 2020/11/30 12:0 a.m. | 0 views

Zeroshell operating system command injection vulnerability

Zeroshell is a small open source Linux distribution for servers and embedded systems designed to provide web services. A command injection vulnerability exists in the /cgi-bin/kerbynet StartSessionSubmit parameter in Zeroshell 3.9.3. An attacker could execute system commands via shell...

10 CVSS | 7.4 AI score | 0.90592 EPSS
Exploits: 1 | References: 3
0day.today
added 2006/08/11 12:0 a.m. | 13 views

Wheatblog <= 1.1 (session.php) Remote File Include Vulnerability

Exploit for unknown platform in category web applications. Wheatblog db != 'resource' touchDatabaseSession; Proof of Concept: www.site.com/includes/session.php?wbclassdir=SHELL 0day.today 2018-04-04...

7.1 AI score
Exploits: 0