239 matches found
CVE-2024-31556
An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid function...
CVE-2024-57052
An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file...
CVE-2024-57052
Summary (CVE-2024-57052) YouDianCMS (v9.5.20 and earlier) is affected by a privilege-escalation issue via the sessionID parameter in index.php. Root cause involves improper session handling that can allow remote attackers to gain higher privileges. A patch/version with fix not publicly documented...
PT-2025-3398 · Unknown · Youdiancms
Name of the Vulnerable Software and Affected Versions: YouDianCMS versions 9.5.20 and earlier
Description: The issue allows a remote attacker to escalate privileges via the sessionID parameter in the "index.php" file. This is related to incorrect session management, which can lead to privilege...
CVE-2024-37783
A reflected cross-site scripting (XSS) vulnerability in Gladinet CentreStack v13.12.9934.54690 allows attackers to inject malicious JavaScript into the web browser of a victim via the sessionId parameter at /portal/ForgotPassword.aspx...
CVE-2024-37783
CVE-2024-37783 is a reflected XSS vulnerability in Gladinet CentreStack v13.12.9934.54690. The issue can inject malicious JavaScript into a victim’s browser via the sessionId parameter at /portal/ForgotPassword.aspx. Affected component is the ForgotPassword flow; root cause is reflected XSS; CVSS...
PT-2024-27750 · Gladinet · Gladinet Centrestack
Name of the Vulnerable Software and Affected Versions: Gladinet CentreStack version 13.12.9934.54690
Description: A reflected cross-site scripting (XSS) issue allows attackers to inject malicious JavaScript into a victim's web browser via the sessionId parameter at the "/portal/ForgotPassword.aspx"...
Peplink Balance Routers SQL Injection
Metasploit module 'Peplink Balance routers SQLi'. Description: Firmware versions up to 7.0.0-build1904 of Peplink Balance routers are affected by an unauthenticated SQL injection vulnerability in the bauth cookie; successful exploitation of the vulnerability allows an attacker to...
PT-2024-10118 · Unknown +7 · Dogtag Pki +7
Name of the Vulnerable Software and Affected Versions: dogtag-pki and pki-core, affected versions not specified
Description: The issue is related to an authentication bypass in dogtag-pki and pki-core due to an original error. This can be exploited by a remote attacker to escalate their privileges...
CVE-2023-45600
A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the session cookie “sessionid” lasting two weeks, facilitates session hijacking attacks against victims. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...
GL.iNet Unauthenticated Remote Command Execution Exploit
A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the glsystemlog and glcrashlog interface in the logread module. This Metasploit exploit requires post-authentication using the...
Sensitive Information Disclosure
org.apache.dolphinscheduler: dolphinscheduler-api is vulnerable to Sensitive Information Disclosure. The vulnerability is due to not removing the sessionId in the log statement of the authenticate method in the org.apache.dolphinscheduler.api.security.impl.AbstractAuthenticator class. This can le...
CVE-2023-5826
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/listonlineuser.php. The manipulation of the argument SessionId leads to sql injection. The exploit has been disclosed ...
CVE-2023-5826 Netentsec NS-ASG Application Security Gateway list_onlineuser.php sql injection
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/listonlineuser.php. The manipulation of the argument SessionId leads to sql injection. The exploit has been disclosed ...