239 matches found
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx...
DEBIAN-CVE-2006-4244
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-username cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value...
CVE-2006-4244
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-username cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value...
SQL injection
Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sessionid parameter in (1) top.php and (2) member.php. NOTE: this issue has also been reported to affect 1.7.2...
CVE-2006-2214
Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sessionid parameter in (1) top.php and (2) member.php. NOTE: this issue has also been reported to affect 1.7.2...
SQL injection
Multiple SQL injection vulnerabilities in CyberBuild allow remote attackers to execute arbitrary SQL commands via the (1) SessionID parameter to login.asp or (2) ProductIndex parameter to browse0.htm...
CVE-2006-2178
Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to login.asp, (2) ProductIndex parameter to browse0.htm, (3) rowcolor parameter to result.asp, or (4) heading parameter to result.asp. NOTE: vector...
CVE-2006-2190
Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5)...
CVE-2006-2190
CVE-2006-2190 is an XSS vulnerability in OpenWebMail (OWM) affecting 2.51 and earlier, via the sessionid parameter in ow-shared.pl and related scripts (openwebmail-send.pl, openwebmail-advsearch.pl, openwebmail-folder.pl, openwebmail-prefs.pl, openwebmail-abook.pl, openwebmail-read.pl, openwebmai...
Cross site scripting
Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter...
CVE-2006-2138
Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter...
CVE-2006-2138
Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter...
CVE-2005-3646
Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php...
CVE-2005-2863
Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter...
CVE-2002-1058
Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file...
CVE-2002-1058
CVE-2002-1058 is a directory traversal vulnerability in splashAdmin.php of Cobalt Qube 3.0. The root cause is use of .. sequences in the sessionId cookie that can reference an alternate session file, allowing local users and remote attackers to gain privileges as the Qube Admin. The vulnerability...
CVE-2002-1058
Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file...
CVE-2002-0226
retrievepassword.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user...
Vulnerability in all versions of DCForum from dcscripts.com
When a user requests a new password for his account, a new password is generated and sent to the requester (anyone that knows the username+email information, which is usually available in "user profile"). The problem is that the password is simply the first 6 characters of the user's SessionID, whi...