ESP-IDF Security Vulnerability
ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0 of ESP-IDF contain security vulnerabilities. These vulnerabilities stem from a buffer overflow in the session setting path of the protocomm...
CVE-2026-33043 AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS
WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin function reflects any Origin header back in Access-Control-Allow-Origin with Access-Control-Allow-Credentials...
CVE-2025-15501
A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument sessionPath causes OS command injection. Remote exploitation of the attack...
CVE-2025-15501 Sangfor Operation and Maintenance Management System getCmd WriterHandle.getCmd OS command injection
A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument sessionPath causes OS command injection. Remote exploitation of the attack...
CVE-2025-15500
The CVE-2025-15500 entry describes a remote OS command injection in Sangfor Operation and Maintenance Management System (versions up to 3.0.8) via the HTTP POST Request Handler, specifically manipulating the sessionPath parameter for /isomp-protocol/protocol/getHis. Exploitation is public. Affect...
Sangfor Operation and Maintenance Management System OS Command Injection Vulnerability
Sangfor Operation and Maintenance Management System is an operation and maintenance management system from China's Sangfor. An OS command injection vulnerability exists in Sangfor Operation and Maintenance Management System 3.0.8 and earlier versions, which stems from incorrect manipulation of th...
PT-2026-1778
Name of the Vulnerable Software and Affected Versions: Sangfor Operation and Maintenance Management System versions up to 3.0.8. Description: A flaw exists in Sangfor Operation and Maintenance Management System. Manipulation of the sessionPath argument within the WriterHandle.getCmd function, locate...
PT-2025-34245 · Unknown · Phpgurukul Online Course Registration System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Course Registration version 3.1 Description: A flaw exists in PHPGurukul Online Course Registration 3.1 related to SQL injection. The issue is located in the /admin/session.php file, specifically through manipulation of the...
CVE-2024-48733
SQL injection vulnerability in /SASStudio/sasexec/sessions/sessionID/sql in SAS Studio 9.4 allows a remote attacker to execute arbitrary SQL commands via the POST request body. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users...
Cisco DPC3939 Firmware Arbitrary File Write Vulnerability
Cisco DPC3939 is a wireless voice gateway product from Cisco USA. A security vulnerability exists in the Cisco DPC3939 firmware. It allows a remote attacker to write arbitrary data to the known /var/tmp/sess path by leveraging the device's operation in UI dev mode...
CVE-2017-9485
The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST devices allows remote attackers to write arbitrary data to a known /var/tmp/sess pathname by leveraging the device's operation in UI dev mode...
Cisco IOS and IOS XE Software Application-Hosting Framework HTTP Header Injection Vulnerability
Cisco IOS and IOS XE Software are operating systems developed by Cisco in the United States for its network devices. An HTTP header injection vulnerability exists in the Application-Hosting Framework component in Cisco IOS version 15.61T1 and IOS XE Software. When the IOx feature setting is...
IRSR <= 0.2 (_sysSessionPath) Remote File Include Vulnerability
No description provided by source. Advisory banner: DEVIL TEAM - THE BEST POLISH TEAM. IRSR - Invisionix Roaming System Remote <= 0.2 _sysSessionPath Remote File Include Vulnerabilities. Script name: IRSR - Invisionix Roaming System Remote v. 0.2. Script site: http://www.invisionix.org ...
Wodig 4.1.3 Access Free Edition (UTF-8) Upload Vulnerability - Vulnerability Warning - Black Bar Safety Net
Author: unknown. 1. upload/uploadimage.asp and Mutiuploadimage.asp obtain the userid from the cookie and store it in the session, then use it as the upload path. ASP/Visual Basic code: loadsrc="/UploadFile/"&Request.Cookies("UserID")&"/" 'if the website is not placed in the root directory, please adjust the path before /UploadFile...