42 matches found
EUVD-2026-39597
The Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...
Debian dla-4602 : lemonldap-ng - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4602 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4602-1 [email protected]...
CVE-2026-5081
Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in version 1.54 uses the value of the UNIQUEID environment variable for the session id. The UNIQUEID variable is set by the Apache moduniqueid...
CVE-2026-33043
WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin function reflects any Origin header back in Access-Control-Allow-Origin with Access-Control-Allow-Credentials...
GHSA-QC3P-398R-P59J AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS
Summary /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin function reflects any Origin header back in Access-Control-Allow-Origin with Access-Control-Allow-Credentials: true, enabling cross-origin session theft and full account...
EUVD-2003-1302
Malware in sbrugna...
EUVD-2021-10120
Malware in sbrugna...
EUVD-2019-4334
Malware in sbrugna...
EUVD-2000-0712
Malware in sbrugna...
EUVD-2014-0212
Malware in sbrugna...
EUVD-2008-7152
Malware in sbrugna...
EUVD-2009-5056
Malware in sbrugna...
EUVD-2011-1837
Malware in sbrugna...
EUVD-2014-9499
Malware in sbrugna...
EUVD-2022-2864
Malicious code in bioql PyPI...
CVE-2024-37183
Plain text credentials and session ID can be captured with a network sniffer...
CVE-2019-6656
BIG-IP APM Edge Client before version 7.1.8 7180.2019.508.705 logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM...
CVE-2007-6470
phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies...
RuoYi allowed unauthorized attackers to view the session ID of the admin in the system monitoring
RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie...
GHSA-V664-QGX9-WF79 RuoYi allowed unauthorized attackers to view the session ID of the admin in the system monitoring
RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie...