CVE-2026-5081

A flaw was found in Apache::Session::Generate::ModUniqueId, a Perl module designed to generate session identifiers. This module uses the Apache moduniqueid plugin's UNIQUEID environment variable directly as a session ID. The UNIQUEID is constructed from easily guessable information, such as the...

Apache::Session::Generate::ModUniqueId 安全漏洞

Apache::Session::Generate::ModUniqueId is a session ID generation module developed by RRWO’s individual developers. There are security vulnerabilities in the version 1.54 to 1.94 of Apache::Session::Generate::ModUniqueId. These vulnerabilities stem from the use of the UNIQUEID environment variabl...

CVE-2026-23521

Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users who can create or edit devices can set a device uniqueId to an absolute path. When uploading a device image, Traccar uses that uniqueId to build the filesystem path...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the uniqueId parameter. An attacker can write files outside the intended media directory by setting the uniqueId to an absolute path when uploading a device image. Details A Directory Traversal attack also known ...

CVE-2026-23521

Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users who can create or edit devices can set a device uniqueId to an absolute path. When uploading a device image, Traccar uses that uniqueId to build the filesystem path...

CVE-2026-23521 Traccar vulnerable to Path Traversal and External Control of File Name or Path

Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users who can create or edit devices can set a device uniqueId to an absolute path. When uploading a device image, Traccar uses that uniqueId to build the filesystem path...

CVE-2026-23521 Traccar vulnerable to Path Traversal and External Control of File Name or Path

Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users who can create or edit devices can set a device uniqueId to an absolute path. When uploading a device image, Traccar uses that uniqueId to build the filesystem path...

CVE-2026-23521 Traccar vulnerable to Path Traversal and External Control of File Name or Path

Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users who can create or edit devices can set a device uniqueId to an absolute path. When uploading a device image, Traccar uses that uniqueId to build the filesystem path...

CVE-2026-23521

Traccar open-source GPS tracking system versions up to 6.11.1 are affected by a path-traversal risk. Authenticated users who can create or edit devices can set a device uniqueId to an absolute path. During device image upload, Traccar uses that uniqueId to construct the filesystem path without en...

PT-2026-21558

Name of the Vulnerable Software and Affected Versions Traccar versions up to and including 6.11.1 Description The Traccar GPS tracking system is affected by an issue where authenticated users with device creation or editing privileges can manipulate the uniqueId parameter to specify an absolute...

WordPress Qubely plugin <= 1.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' and 'UniqueID' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'align' and 'UniqueID' vulnerability discovered by Nishiv - Developer in WordPress Plugin Qubely versions = 1.8.12...

EUVD-2009-4340

Malware in sbrugna...

CVE-2024-9601

The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ and 'UniqueID' parameter in all versions up to, and including, 1.8.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

WordPress plugin Qubely – Advanced Gutenberg Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

CVE-2024-10376

A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects the function actionPassOrNotAutoSign of the file /com/esafenet/servlet/service/processsign/AutoSignService.java. The manipulation of the argument UniqueId leads to sql injection. The attack c...

EsafeNet CDG SQL注入漏洞

EsafeNet CDG is a document security management system from EsafeNet. A SQL injection vulnerability exists in EsafeNet CDG version 5, which stems from an incorrect manipulation of the UniqueId parameter that can lead to SQL injection...

Ipswitch WhatsUp Gold SQL Injection Vulnerability

Ipswitch WhatsUp Gold is a unified suite of infrastructure and application monitoring software. IPswitch WhatsUp Gold suffers from a SQL injection vulnerability. Failure to properly filter the 'UniqueID' parameter allows remote attackers to exploit the vulnerability to submit specially crafted SQ...

CVE-2013-2585

Cross-site scripting XSS vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/...

Avira Analysis Web Service SQL Injection

Title: ====== Avira Analysis Web Service - SQL Injection Vulnerability Date: ===== 2013-07-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=997 VL-ID: ===== 997 Common Vulnerability Scoring System: ==================================== 8.5 Abstract: ========= The...

Windows Gather Steam Client Session Collector.

This module will collect Steam session information from an account set to autologin. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Steam Client Session Collector.', 'Descriptio...