19 matches found
CVE-2026-22903 Stack Overflow via SESSIONID Cookie in lighttpd
An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections...
PT-2026-7081
Name of the Vulnerable Software and Affected Versions: lighttpd (affected versions not specified) Description: An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the lighttpd server, potentially...
EUVD-2014-0175
Malware in sbrugna...
EUVD-2022-31811
Malicious code in bioql PyPI...
EUVD-2025-32129
Malicious code in bioql PyPI...
CVE-2022-27305
Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation...
A vulnerability in the Telnet service of the TOTOLINK N200RE V5 router’s firmware allows an intruder to gain unauthorized access to protected information.
The vulnerability in the Telnet service provided by the TOTOLINK N200RE V5 router firmware lies in the use of strictly encrypted login credentials, with the SESSIONID file stored in a cookie. Exploiting this vulnerability allows an attacker to gain unauthorized access to protected...
CVE-2021-27771
User SID can be modified, resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal manner with the Sametime chat application, users hold a cookie containing their session ID (SID). This value is also used when sending chat messages,...
PT-2022-17700 · Cherwell · Cherwell Service Management
Name of the Vulnerable Software and Affected Versions: Cherwell Service Management version 10.2.3 Description: An issue was discovered in the web application where the ASP.NET Sessionid cookie is not protected by the Secure flag, making it prone to interception by an attacker if traffic is sent...
CVE-2014-0090
Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie...
Session fixation
Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie...
WatchGuard Firewall XTM 11.7.4u1 - Remote Buffer Overflow
Exploit for hardware platform in category remote exploits !/usr/bin/perl -w Exploit Title: WatchGuard Firewall XTM version 11.7.4u1 - Remote buffer overflow exploit sessionid cookie Date: Oct 18 2013 Exploit Author: email protected a.k.a. email protected Vendor Homepage: http://www.watchguard.com...
Google Web History vulnerable to new Firesheep Addon
Two researchers have shown how a modded version of the Firesheep Wi-Fi sniffing tool can be used to access most of a victim's Google Web History, a record of everything an individual has searched for. The core weakness discovered by the...
ACROS Security: Unsanitized Session ID Cookie Allows Modifying Server Response
ACROS Security Problem Report 2004-10-14-3 (PUBLIC). ASPR 2004-10-14-3: Unsanitized Session ID Cookie Allows Modifying Serv...
SquirrelMail < 1.2.11 Multiple Script XSS
The target is running at least one instance of SquirrelMail whose version number is between 1.2.0 and 1.2.10 inclusive. Such versions do not properly sanitize From headers, leaving users vulnerable to XSS attacks. Further, since SquirrelMail displays From headers when listing a folder, attacks do...
CVE-2000-0970
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability...
CVE-2000-0970
CVE-2000-0970 affects IIS 4.0 and 5.0 where ASP pages send the same Session ID cookie for secure and insecure sessions, enabling potential remote hijacking of a user’s secure session if they transition to insecure web traffic. The root cause is cookie marking across session contexts, leading to p...
CVE-2000-0970
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability...
Security Bulletin (MS00-080)
Microsoft Security Bulletin MS00-080: Patch Available for "Session ID Cookie Marking" Vulnerability. Originally posted: October 23, 2000. Summary: Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Internet Informatio...