CampCodes Sales and Inventory System 注入漏洞

CampCodes Sales and Inventory System is a sales and inventory system from CampCodes, Inc. An injection vulnerability exists in CampCodes Sales and Inventory System version 1.0, which stems from SQL injection due to incorrect manipulation of the parameter sid in the file /pages/receiptcredit.php...

Allworx System Software 跨站脚本漏洞

Allworx System Software is a communication software platform from Allworx Corporation. A security vulnerability exists in Allworx System Software version v9.1.9.12, which stems from improper handling of the SessionID parameter in the Admin Login page, which could lead to a cross-site scripting...

CVE-2025-40742

A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions V11.0, SIPROTEC 5 6MD85 CP200 All versions, SIPROTEC 5 6MD85 CP300 All versions V11.0, SIPROTEC 5 6MD86 CP200 All versions, SIPROTEC 5 6MD86 CP300 All versions V11.0, SIPROTEC 5 6MD89 CP300 All versions V11.0, SIPROTEC 5...

CVE-2025-40742

A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions V11.0, SIPROTEC 5 6MD85 CP200 All versions, SIPROTEC 5 6MD85 CP300 All versions V11.0, SIPROTEC 5 6MD86 CP200 All versions, SIPROTEC 5 6MD86 CP300 All versions V11.0, SIPROTEC 5 6MD89 CP300 All versions V11.0, SIPROTEC 5...

Siemens多款产品 安全漏洞

Siemens SIPROTEC 5 6MD84 and others are a relay device from Siemens Germany. A security vulnerability exists in various Siemens products that originates from the inclusion of a session identifier in a URL request, which could result in unauthorized access. The following products are affected:...

GHSA-RMWH-G367-MJ4X File Browser allows sensitive data to be transferred in URL

Summary URLs that are accessed by a user are commonly logged in many locations, both server- and client-side. It is thus good practice to never transmit any secret information as part of a URL. The Filebrowser violates this practice, since access tokens are used as GET parameters. Impact The JSON...

Delta Electronics COMMGR Insufficient Randomization Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Electronics COMMGR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PLC simulator service, which listens on TCP port 8895 by default. By...

PT-2025-27966

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A null pointer dereference error occurs in the Linux kernel when a client sets the PreviousSessionId during the Kerberos session setup stage. This happens because sess-user is not set...

CVE-2021-36793

The routes aka Extbase Yaml Routes extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output...

CVE-2020-6302

SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or man in the middle attack and subsequently get access to admin user accounts, leading to Session...

CVE-2020-8115

A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver = 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older version...

CVE-2018-16495

In VOS user session identifier authentication token is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap...

The vulnerability of the FUN_0040fffc function in the microprogramming software for ZyXEL AMG1302-T10B allows a hacker to write arbitrary files.

The vulnerability of the FUN0040fffc function in the microprogramming software for ZyXEL AMG1302-T10B is related to an incorrect limitation on the path name when processing the SESSIONID parameter. Exploiting this vulnerability allows a remote attacker to write arbitrary files by sending speciall...

CVE-2024-57052

An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file...

YouDianCMS 安全漏洞

YouDianCMS YouDian CMS is a website builder from China YouDian Company. A security vulnerability exists in YouDianCMS v.9.5.20 and earlier versions, which can be exploited to allow remote attackers to elevate privileges via the sessionID parameter in the index.php file...

CVE-2024-11318

An IDOR Insecure Direct Object Reference vulnerability has been discovered in AbsysNet, affecting version 2.3.1. This vulnerability could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifier on the "/cgi-bin/ocap/" endpoint...

CVE-2024-11318 IDOR vulnerability in AbsysNet

An IDOR Insecure Direct Object Reference vulnerability has been discovered in AbsysNet, affecting version 2.3.1. This vulnerability could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifier on the "/cgi-bin/ocap/" endpoint...

CVE-2024-11318 IDOR vulnerability in AbsysNet

An IDOR Insecure Direct Object Reference vulnerability has been discovered in AbsysNet, affecting version 2.3.1. This vulnerability could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifier on the "/cgi-bin/ocap/" endpoint...

CVE-2024-11318

CVE-2024-11318 describes an IDOR vulnerability in AbsysNet v2.3.1 where a remote attacker can obtain an active user’s session by brute-forcing the session identifier on the /cgi-bin/ocap/ endpoint. Root cause: insecure direct object reference allowing session hijacking. Impact (per sources): pote...

CVE-2024-45261

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's...