Lucene search

82 matches found

Positive Technologies
added 2025/08/21 12:0 a.m. · 4 views

PT-2025-34245 · Unknown · Phpgurukul Online Course Registration System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Course Registration version 3.1
Description: A flaw exists in PHPGurukul Online Course Registration 3.1 related to SQL injection. The issue is located in the /admin/session.php file, specifically through manipulation of the...

9.8 CVSS · 7.8 AI score · 0.00072 EPSS
Exploits: 1 · References: 8

CNNVD
added 2025/08/21 12:0 a.m. · 4 views

PHPGurukul Online Course Registration SQL Injection Vulnerability

Online Course Registration is an online course registration system. Online Course Registration suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter sesssion. An attacker can exploit this vulnerability to execute...

9.8 CVSS · 8.2 AI score · 0.00072 EPSS
Exploits: 1 · References: 6

CNVD
added 2025/07/04 12:0 a.m. · 2 views

Student Record System register.php File SQL Injection Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter session in the file /register.php. An attacker can exploit this vulnerability to execute...

8.8 CVSS · 7.2 AI score · 0.00197 EPSS
Exploits: 1 · References: 1

CNVD
added 2025/07/04 12:0 a.m. · 4 views

Student Record System session.php File SQL Injection Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter session in the file /session.php. An attacker can exploit this vulnerability to execute...

8.8 CVSS · 7.1 AI score · 0.00197 EPSS
Exploits: 1 · References: 1

CNNVD
added 2025/06/30 12:0 a.m. · 1 views

PHPGurukul Student Record System Security Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter session in the file /session.php. An attacker can exploit this vulnerability to execute...

8.8 CVSS · 8.2 AI score · 0.00197 EPSS
Exploits: 1 · References: 2

CNNVD
added 2025/06/30 12:0 a.m. · 1 views

PHPGurukul Student Record System Injection Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter session in the file /register.php. An attacker can exploit this vulnerability to execute...

8.8 CVSS · 8.2 AI score · 0.00197 EPSS
Exploits: 1 · References: 6

RedhatCVE
added 2025/05/21 10:9 p.m. · 9 views

CVE-2005-4266

WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value...

7.5 CVSS · 7.1 AI score · 0.00636 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/05/18 12:0 a.m. · 1 views

SourceCodester Doctors Appointment System Injection Vulnerability

SourceCodester Doctors Appointment System is an open-source doctor appointment system from SourceCodester. An injection vulnerability exists in SourceCodester Doctors Appointment System version 1.0, which originates from SQL injection due to incorrect manipulation of the parameter ID in the file...

9.8 CVSS · 7.8 AI score · 0.00204 EPSS
Exploits: 1 · References: 7

CVE
added 2025/04/22 12:0 a.m. · 52 views

CVE-2025-29339

Open5GS UPF (up to v2.7.2) is affected by CVE-2025-29339. An assertion failure occurs during PFCP Session Establishment Requests when PDN Type is 0, due to improper handling of an invalid value propagated from SMF (or via direct attack), leading to a fatal assertion and daemon crash. The vulnerab...

7.5 CVSS · 7.1 AI score · 0.00492 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

RedhatCVE
added 2025/03/21 12:18 a.m. · 18 views

CVE-2025-30236

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check) if an HTTP POST request contains a SESSION parameter...

8.6 CVSS · 7.6 AI score · 0.00197 EPSS
Exploits: 0 · References: 1

CNNVD
added 2024/12/27 12:0 a.m. · 2 views

DrayTek Vigor300B and DrayTek Vigor2960 Security Vulnerability

DrayTek Vigor300B and DrayTek Vigor2960 are both products of China's DrayTek Corporation (DrayTek). The Vigor300B is a load balancing router. The DrayTek Vigor2960 is a router... A security vulnerability exists in the DrayTek Vigor300B and DrayTek Vigor2960 version 1.5.1.4, which stems from a session...

9.8 CVSS · 7.7 AI score · 0.78989 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2024/12/27 12:0 a.m. · 5 views

PT-2024-17849 · Draytek · Draytek Vigor2960 +1

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor2960 and Vigor300B versions 1.5.1.3 through 1.5.1.4
Description: A critical issue has been found in the Web Management Interface component, affecting some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim. The...

9.8 CVSS · 7.8 AI score · 0.70632 EPSS
Exploits: 1 · References: 15

OSV
added 2024/04/03 5:15 p.m. · 1 views

DEBIAN-CVE-2024-26753

In the Linux kernel, the following vulnerability has been resolved:
crypto: virtio/akcipher - Fix stack overflow on memcpy
sizeof(struct virtio_crypto_akcipher_session_para) is less than sizeof(struct virtio_crypto_op_ctrl_req::u), copying more bytes from stack variable leads stack overflow. Clang reports th...

7.8 CVSS · 6 AI score · 0.00019 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2024/02/09 12:0 a.m. · 2 views

PT-2024-7279 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to a stack overflow in the Linux kernel's virtio/akcipher component. This occurs when the size of struct virtio_crypto_akcipher_session_para is less than the size ...

9.1 CVSS · 6.8 AI score · 0.02683 EPSS
Exploits: 5 · References: 831

Positive Technologies
added 2024/01/01 12:0 a.m. · 2 views

PT-2024-12419 · Stmicroelectronics · St Hal

Name of the Vulnerable Software and Affected Versions: ST HAL (affected versions not specified)
Description: The issue is related to memory corruption that occurs while processing the Listen Sound Model client payload buffer when there is a request for the Listen Sound session get parameter from ST...

7.8 CVSS · 7.2 AI score · 0.0011 EPSS
Exploits: 0 · References: 5

OpenVAS
added 2023/11/13 12:0 a.m. · 7 views

ILIAS < 7.22, 8.x < 8.2 Multiple Vulnerabilities

ILIAS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:ilias:ilias"; if description...

7.3 AI score
Exploits: 0 · References: 2

Positive Technologies
added 2023/07/26 12:0 a.m. · 3 views

PT-2023-4236 · Unknown · Rtu500 Series

Name of the Vulnerable Software and Affected Versions: RTU500 series product (affected versions not specified)
Description: A vulnerability exists in the HCI IEC 60870-5-104 function, which can be exploited if the HCI 60870-5-104 is configured with support for IEC 62351-3. After the session...

7.8 CVSS · 7.2 AI score · 0.00074 EPSS
Exploits: 0 · References: 7

SUSE CVE
added 2023/02/15 6:13 a.m. · 2 views

SUSE CVE-2006-6142

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) deletedraft parameters in (b) compose.php, and (4) unspecified vectors involving "a...

6.8 CVSS · 6 AI score · 0.11286 EPSS
Exploits: 1 · References: 5

SUSE CVE
added 2023/02/15 5:34 a.m. · 1 views

SUSE CVE-2013-6172

steps/utils/savepref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code...

7.5 CVSS · 8.4 AI score · 0.01114 EPSS
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 3:53 a.m. · 1 views

SUSE CVE-2020-26891

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...

6.1 CVSS · 6.6 AI score · 0.00439 EPSS
Exploits: 0 · References: 3