6 matches found
PT-2025-47308
Name of the Vulnerable Software and Affected Versions Windu CMS version 4.1 Windu CMS affected versions not specified Description Windu CMS has a flaw that allows attackers to perform Cross-Site Request Forgery CSRF attacks in the user editing functionality. The existing CSRF protection can be...
EUVD-2020-9426
Malware in sbrugna...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...
CVE-2020-26172
Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp...
Code injection
A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.020190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database...
CVE-2014-1808
CVE-2014-1808 affects Microsoft Office 2013 variants (Gold, SP1, RT, RT SP1). The flaw, described as the Token Reuse Vulnerability, allows remote attackers to obtain sensitive authentication token information when opening a crafted Office document from a web site. Root cause involves improper han...