69 matches found
CVE-2021-28844
Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to applycgi via a dographauth action without a sessionid key...
CVE-2021-32099
A SQL injection vulnerability in the pandoraconsole component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chartgenerator.php sessionid parameter, leading to a login bypass...
CVE-2020-27743
libtac in pamtacplus through 1.5.1 lacks a check for a failure of RANDbytes/RANDpseudobytes. This could lead to use of a non-random/predictable sessionid...
CVE-2020-27743
libtac in pamtacplus through 1.5.1 lacks a check for a failure of RANDbytes/RANDpseudobytes. This could lead to use of a non-random/predictable sessionid...
Information disclosure
libtac in pamtacplus through 1.5.1 lacks a check for a failure of RANDbytes/RANDpseudobytes. This could lead to use of a non-random/predictable sessionid...
CVE-2020-27743
libtac in pamtacplus through 1.5.1 lacks a check for a failure of RANDbytes/RANDpseudobytes. This could lead to use of a non-random/predictable sessionid...
CVE-2020-27743
libtac in pamtacplus through 1.5.1 lacks a check for a failure of RANDbytes/RANDpseudobytes. This could lead to use of a non-random/predictable sessionid...
CVE-2020-27743
Removed by vendor...
CVE-2020-26518
Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandoraconsole/include/chartgenerator.php sessionid parameter...
Sql injection
Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandoraconsole/include/chartgenerator.php sessionid parameter...
Unikrn: session_id is not being validated at email invitation endpoint
sessionid is not being validated at email invitation endpoint request sample: POST /apiv1/inviteemail HTTP/1.1 Host: unikrn.com User-Agent: Mozilla/5.0 Windows NT 6.1; Win64; x64; rv:57.0 Gecko/20100101 Firefox/57.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5...
Unikrn: CSRF in Raffles Ticket Purchasing
Description: ======== An API endpoint get executed with no CSRF prevention, the endpoint did not verify sessionid required in the post form. An attacker can crafted malicious form Poc, which is executed by authenticated user action leading to huge balance lost. Poc: === Recommendations:...
CVE-2016-7552
CVE-2016-7552 affects Trend Micro Threat Discovery Appliance 2.6.1062r1. Affected component: logoff.cgi, where processing of the session_id cookie triggers a directory traversal vulnerability that can let a remote, unauthenticated attacker delete files as root, bypass authentication, or cause a D...
ThinkPHP一处过滤不当造成SQL注入漏洞
简要描述: 内核中某个模块开发的太粗糙啦。 详细说明: 问题出现在session,Thinkphp支持更换session handle。 handle中包括Db和Memcache,如下配置即可使用数据库作为session的存储器: 设置了选项后,在数据库里插入这个表(前缀think可以自己定义): / 数据库方式Session驱动 CREATE TABLE thinksession sessionid varchar255 NOT NULL, sessionexpire int11 NOT NULL, sessiondata blob, UNIQUE KEY sessionid...
Centreon < 2.5.3 Multiple Vulnerabilities
According to its version number, the Centreon application hosted on the remote web server is affected by multiple vulnerabilities : - Multiple unauthenticated SQL injection vulnerabilities. CVE-2014-3828 - A remote, unauthenticated command injection vulnerability in the 'sessionid' and 'templatei...
PostNuke <= 0.763 (PNSV lang) Remote Code Execution Exploit
No description provided by source. ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...
CVE-2012-0273
Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a 1 sessionid cookie in a request to the getcookievalue function in response.c, 2 directory name in a request to the adddefaultfile function in response.c, or 3 file name in a request to th...
Stack overflow
Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a 1 sessionid cookie in a request to the getcookievalue function in response.c, 2 directory name in a request to the adddefaultfile function in response.c, or 3 file name in a request to th...
CVE-2012-5391
Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the sessionid...
phpMyAdmin3 (pma3) - Remote Code Execution
phpMyAdmin3 pma3 - Remote Code Execution !/usr/bin/env python coding=utf-8 pma3 - phpMyAdmin3 remote code execute exploit Author: wofeiwo Thx Superhei Tested on: 3.1.1, 3.2.1, 3.4.3 CVE: CVE-2011-2505, CVE-2011-2506 Date: 2011-07-08 Have fun, DO NOT USE IT TO DO BAD THING. Requirements: 1. "confi...