EUVD-2021-25306

Malware in sbrugna...

EUVD-2023-58972

Malicious code in bioql PyPI...

CVE-2023-6760

A vulnerability classified as critical was found in Thecosy IceCMS up to 2.0.1. This vulnerability affects unknown code. The manipulation leads to manage user sessions. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this...

CVE-2022-24744

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3...

CVE-2022-21652

Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the latest password change of a customer account...

Session Hijacking

dolibarr/dolibarr is vulnerable to Session Hijacking. The vulnerability is due to inadequate user session management, allowing authenticated attackers to hijack victim users' session cookies and gain access to the CSRF protection tokens through interaction with a malicious web page, consequently...

Citrix Cloud - Setting admin timeouts in Citrix Cloud portal

Requirement to know what the current timeout limit is when using Citrix Cloud and if it is possible to change the limit with regards to a Cloud Studio Admin session. Need to be able to force the user to have to login again after a certain amount of time...

Cisco FTD Software Pluggable Authentication Module DoS (cisco-sa-20191002-ftd-fpmc-dos)

According to its self-reported version, Cisco Firepower Threat Defense FTD Software is affected by a vulnerability in the configuration of the Pluggable Authentication Module PAM due to improper resource management in the context of user session management. An authenticated, remote attacker can...

Race condition

A vulnerability in the configuration of the Pluggable Authentication Module PAM used in Cisco Firepower Threat Defense FTD Software, Cisco Firepower Management Center FMC Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service DoS condition. Th...

CVE-2019-4072

IBM Tivoli Storage Productivity Center IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17 allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time,...

pivot130rc2.php.txt

!/usr/bin/php -q -d shortopentag=on ? echo "Pivot = 1.30 RC2 privileges escalation / remote commands execution exploit\n"; echo "by rgod [email protected]\n"; echo "site: http://retrogod.altervista.org\n"; echo "dorks: "Powered byPivot"\n"; echo "version specific: "Powered byPivot - 1.30 RC2"...