224 matches found
Session fixation
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter...
CVE-2017-6529
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter...
CVE-2017-6529
CVE-2017-6529 affects dnaTools dnaLIMS 4-2015s13. The vulnerability allows session hijacking by guessing and supplying the UID parameter in URLs that require authentication, where the UID appears to serve as a session identifier. Public descriptions demonstrate that multiple pages rely on a UID p...
CVE-2017-6529
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter. Recent assessments: h00die at March 27, 2020 4:08pm UTC reported: The uid field is passed within a GET parameter. These are sequential integers, so it is trivial to...
Video Sharing Script 4.94 - uid Parameter SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Video Sharing Script 4.94 - 'uid' Parameter SQL Injection Google Dork: N/A Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Buy: http://itechscripts.com/video-sharing-script/ Demo:...
Stack Overflow Vulnerability in Lovecraft PPS ActiveX Plugin
Aiki PPS ActiveX plugin is a browser-based flash playback control. A stack overflow vulnerability exists in the strUID and strCookie parameters of the Lovecraft PPS ActiveX plugin. An attacker can exploit the vulnerability to remotely execute arbitrary code, and a failed exploit can result in a...
Ocean CMS uid parameter has SQL injection vulnerability
Ocean CMS is an open source website builder. An SQL injection vulnerability exists in the uid parameter of the Ocean CMS i.php page. Attackers can use the vulnerability to obtain sensitive information in the website database...
The vulnerability of the ZENworks Configuration Management software allows a perpetrator to execute arbitrary code.
The vulnerability of the ZENworks Configuration Management information system exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially crafted directory name specified ...
WP App Maker 1.0.16.4 - icons-launcher.php uid Parameter Reflected XSS
The wp-app-maker WordPress plugin was affected by an icons-launcher.php uid Parameter Reflected XSS security vulnerability...
CVE-2014-4578
Cross-site scripting (XSS) vulnerability in asset-studio/icons-launcher.php in the WP App Maker plugin 1.0.16.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in asset-studio/icons-launcher.php in the WP App Maker plugin 1.0.16.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter...
Yogurt Social Network 3.2 rc1 Module for XOOPS album.php uid Parameter XSS
No description provided by source...
CVE-2013-4945
Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLEWIDGET1, (3) TABLEWIDGET2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the (6) U...
CVE-2011-3841
Cross-site scripting (XSS) vulnerability in uploadify/getprofileavatar.php in the WP Symposium plugin before 11.12.08 for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter...
CVE-2011-4669
SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php...
WordPress Symposium Plugin <= 11.12.07 - XSS
Because of this vulnerability in uploadify/getprofileavatar.php, attackers can inject arbitrary web script or HTML via the "uid" parameter. Solution: Update the plugin...
CVE-2009-4939
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a loginlookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign actio...
SnowFlake CMS 1.0 Beta5.2 SQL Injection
Exploit Title: Powered by SnowFlake Content Management System SQL Injection Date: 19th july 2010 Author: Dinesh Arora Critical:high Affected / Tested Version : 1.0 beta5.2 Sample Affected Parameter: uid contact: [email protected] Greetz to :b0nd, Fbih2s,Beenu,Charles ,j4ckh4x0r, punter,eberl...