NView SQL Injection Vulnerability
NView is a PHP class for natural view management. NView suffers from a SQL injection vulnerability that stems from a problem with the function mutate in the file src/Session.php, where manipulation of the parameter session can lead to SQL injection...
DEBIAN-CVE-2020-26891
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...
UBUNTU-CVE-2020-26891
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...
PYSEC-2020-238
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...
CVE-2020-26891
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...
CVE-2019-19607
A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the databas...
SQL injection
A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the databas...
Seagate BlackArmor NAS Remote Code Execution Vulnerability
Seagate BlackArmor NAS is a network storage server from Seagate USA that provides layered protection, incremental data and system backup, and recovery of business-critical data. A security vulnerability exists in the Seagate BlackArmor NAS. A remote attacker can exploit the vulnerability by sendin...
Code injection
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the authname parameter to localhost/backupmgmt/preconnectcheck.php...
CVE-2014-3206
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the authname parameter to localhost/backupmgmt/preconnectcheck.php...
CVE-2014-3206
CVE-2014-3206 affects Seagate BlackArmor NAS. It allows remote attackers to execute arbitrary code by sending the session parameter to /backupmgt/localJob.php or the auth_name parameter to /backupmgmt/pre_connect_check.php, enabling remote code execution on the device. Root cause: improper input ...
WordPress Splashing Images Plugin PHP Object Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation developed in the PHP language; it supports setting up a personal blog site on a PHP and MySQL server. Splashing Images (wp-splashing-images) is an image selection plugin for WordPress. A PHP object injection...
Red Hat eNovance eDeploy Directory Traversal Vulnerability
Red Hat eNovance eDeploy is an update configuration tool for Linux systems from Red Hat, Inc. A directory traversal vulnerability exists in Red Hat eNovance eDeploy. A remote attacker can exploit this vulnerability to cause a denial of service resource consumption by creating arbitrary directorie...
CVE-2014-3702
Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot dot) in the session parameter...
CVE-2017-11458
Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783...
forumsirius.fr XSS vulnerability
Vulnerable URL: http://www.forumsirius.fr/orion/mc2.phtml?session=7dcraurb0d3csc19b7rs1lpmj2="--!"

Details:

| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 21.08.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 148207 |
| VIP website status: | No |
| Che... | |
CVE-2016-2840
An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain's context...
Pivotx Session Fixation Vulnerability
Pivotx is an open source blog content management system (Blog CMS). The system supports built-in comment review, spam protection and template replacement. A session fixation vulnerability exists in the fileupload.php file in Pivotx versions prior to 2.3.11. A remote attacker can exploit this...
CVE-2013-4562
The CVE-2013-4562 weakness affects the omniauth-facebook gem (versions 1.4.1 prior to 1.5.0). The root cause is that the session parameter is not properly stored, enabling remote attackers to perform CSRF via the state parameter. Consequences include potential CSRF attacks against users authentic...
CVE-2013-4562
The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter...