32 matches found
PT-2026-39499
OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover and unauthorized...
OpenCart Security Vulnerability
OpenCart is an open-source e-commerce system developed by the OpenCart team in China. This system provides modules for product reviews, product ratings, and product addition. Version 3.0.3.8 of OpenCart has a security vulnerability, which stems from a session fixation vulnerability. This...
CVE-2025-10493
The CVE concerns the WordPress plugin Chained Quiz (versions 1.3.4 and earlier). The root cause is an insecure direct object reference in the quiz submission/completion flow, due to lack of validation on a user‑controlled key exposed via the chained_completion_id cookie. An unauthenticated attack...
PT-2025-38302
Name of the Vulnerable Software and Affected Versions: Chained Quiz plugin for WordPress versions 1.3.4 and below. Description: The Chained Quiz plugin for WordPress is susceptible to an Insecure Direct Object Reference issue in versions 1.3.4 and below. This flaw resides in the quiz submission and...
Linux Distros Unpatched Vulnerability : CVE-2019-7350
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim...
CVE-2025-50891
The server-side backend for Adform Site Tracking before 2025-08-28 allows attackers to inject HTML or execute arbitrary code via cookie hijacking. NOTE: a customer does not need to take any action to update locally installed software such as Adform Site Tracking 1.1...
SoftCOM iKSORIS Authorization Issue Vulnerability
SoftCOM iKSORIS is an application from SoftCOM, Inc. An authorization issue vulnerability exists in SoftCOM iKSORIS versions prior to 79.0 that stems from allowing arbitrary session cookie values to be set, which could lead to account hijacking...
PT-2024-40392 · Laravel · Laravel
Name of the Vulnerable Software and Affected Versions: Laravel versions prior to 4.1.26 Description: The issue concerns the security of "remember me" cookies. If a remember cookie was hijacked by another malicious user, the cookie would remain valid for a long period of time, even after the true...
CVE-2023-24514
Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users' session cookie values, carry out phishing attacks, etc. This issue affects Pandora FMS v767 version and prior versions on all platforms...
CVE-2021-41542
A vulnerability has been identified in Climatix POL909 AWB module All versions V11.44, Climatix POL909 AWM module All versions V11.36. The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code whi...
CVE-2021-41541
A vulnerability has been identified in Climatix POL909 AWB module All versions V11.44, Climatix POL909 AWM module All versions V11.36. The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code...
CVE-2021-42703
This vulnerability could allow an attacker to send malicious JavaScript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action...
Advantech WebAccess HMI Designer Cross-Site Scripting Vulnerability
Advantech WebAccess HMI Designer is an integrated HMI development tool from Advantech, Taiwan, China. The product is equipped with features such as data transfer, menu editing and text editing. A cross-site scripting vulnerability exists in Advantech WebAccess HMI Designer versions prior to...
CVE-2021-22676
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA...
redpill
This is a PowerShell module repository called "redpill" that provides various post-exploitation tools for Windows systems. The repository contains several scripts that can be used to perform different tasks such as: bypassing AppLocker restrictions; hijacking browser cookies; downloading and...
嘉实资讯 CTS Web transaction system Authorization Issue Vulnerability
CTS Web transaction system is a CTS Web transaction system from Cascade Information Technology, Taiwan. An authorization issue vulnerability exists in the CTS Web transaction system, which stems from an incorrect implementation of authentication-related functionality in the transaction system. A...
CVE-2021-27436
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing...
Advantech WebAccess/SCADA Cross-Site Scripting Vulnerability
Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A cross-site scripting vulnerability...