Lucene search
K

69 matches found

Cvelist
Cvelist
added 2021/08/10 6:54 p.m.30 views

CVE-2021-28844

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to applycgi via a dographauth action without a sessionid key...

7.6AI score0.00961EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/05/07 3:51 a.m.33 views

CVE-2021-32099

A SQL injection vulnerability in the pandoraconsole component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chartgenerator.php sessionid parameter, leading to a login bypass...

9.9AI score0.1139EPSS
Exploits2References3
OSV
OSV
added 2020/10/26 10:15 p.m.34 views

CVE-2020-27743

libtac in pamtacplus through 1.5.1 lacks a check for a failure of RANDbytes/RANDpseudobytes. This could lead to use of a non-random/predictable sessionid...

9.8CVSS6.6AI score
Exploits0References2
NVD
NVD
added 2020/10/26 10:15 p.m.37 views

CVE-2020-27743

libtac in pamtacplus through 1.5.1 lacks a check for a failure of RANDbytes/RANDpseudobytes. This could lead to use of a non-random/predictable sessionid...

9.8CVSS0.01715EPSS
Exploits0References2
Prion
Prion
added 2020/10/26 10:15 p.m.25 views

Information disclosure

libtac in pamtacplus through 1.5.1 lacks a check for a failure of RANDbytes/RANDpseudobytes. This could lead to use of a non-random/predictable sessionid...

7.5CVSS9.2AI score0.01715EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2020/10/26 10:15 p.m.26 views

CVE-2020-27743

libtac in pamtacplus through 1.5.1 lacks a check for a failure of RANDbytes/RANDpseudobytes. This could lead to use of a non-random/predictable sessionid...

9.8CVSS7.2AI score0.01715EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/10/26 9:40 p.m.39 views

CVE-2020-27743

libtac in pamtacplus through 1.5.1 lacks a check for a failure of RANDbytes/RANDpseudobytes. This could lead to use of a non-random/predictable sessionid...

9.4AI score0.01715EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2020/10/26 9:40 p.m.27 views

CVE-2020-27743

Removed by vendor...

9.8CVSS9.4AI score0.01715EPSS
Exploits0
NVD
NVD
added 2020/10/02 5:15 a.m.9 views

CVE-2020-26518

Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandoraconsole/include/chartgenerator.php sessionid parameter...

9.8CVSS0.02058EPSS
Exploits1References1
Prion
Prion
added 2020/10/02 5:15 a.m.17 views

Sql injection

Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandoraconsole/include/chartgenerator.php sessionid parameter...

7.5CVSS9.8AI score0.02058EPSS
Exploits1References1Affected Software1
Hacker One
Hacker One
added 2017/11/23 3:1 p.m.25 views

Unikrn: session_id is not being validated at email invitation endpoint

sessionid is not being validated at email invitation endpoint request sample: POST /apiv1/inviteemail HTTP/1.1 Host: unikrn.com User-Agent: Mozilla/5.0 Windows NT 6.1; Win64; x64; rv:57.0 Gecko/20100101 Firefox/57.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2017/09/28 4:8 a.m.14 views

Unikrn: CSRF in Raffles Ticket Purchasing

Description: ======== An API endpoint get executed with no CSRF prevention, the endpoint did not verify sessionid required in the post form. An attacker can crafted malicious form Poc, which is executed by authenticated user action leading to huge balance lost. Poc: === Recommendations:...

0.9AI score
Exploits0
CVE
CVE
added 2017/04/12 10:0 a.m.122 views

CVE-2016-7552

CVE-2016-7552 affects Trend Micro Threat Discovery Appliance 2.6.1062r1. Affected component: logoff.cgi, where processing of the session_id cookie triggers a directory traversal vulnerability that can let a remote, unauthenticated attacker delete files as root, bypass authentication, or cause a D...

10CVSS9.4AI score0.93249EPSS
Exploits15References2Affected Software1
seebug.org
seebug.org
added 2015/03/08 12:0 a.m.46 views

ThinkPHP一处过滤不当造成SQL注入漏洞

简要描述: 内核中某个模块开发的太粗糙啦。 详细说明: 问题出现在session,Thinkphp支持更换session handle。 handle中包括Db和Memcache,如下配置即可使用数据库作为session的存储器: 设置了选项后,在数据库里插入这个表(前缀think可以自己定义): / 数据库方式Session驱动 CREATE TABLE thinksession sessionid varchar255 NOT NULL, sessionexpire int11 NOT NULL, sessiondata blob, UNIQUE KEY sessionid...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/12/23 12:0 a.m.52 views

Centreon < 2.5.3 Multiple Vulnerabilities

According to its version number, the Centreon application hosted on the remote web server is affected by multiple vulnerabilities : - Multiple unauthenticated SQL injection vulnerabilities. CVE-2014-3828 - A remote, unauthenticated command injection vulnerability in the 'sessionid' and 'templatei...

10CVSS6AI score0.80998EPSS
Exploits9References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

PostNuke <= 0.763 (PNSV lang) Remote Code Execution Exploit

No description provided by source. ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...

7.1AI score
Exploits0
NVD
NVD
added 2014/06/20 2:55 p.m.11 views

CVE-2012-0273

Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a 1 sessionid cookie in a request to the getcookievalue function in response.c, 2 directory name in a request to the adddefaultfile function in response.c, or 3 file name in a request to th...

7.5CVSS7.8AI score0.03454EPSS
Exploits0References6
Prion
Prion
added 2014/06/20 2:55 p.m.11 views

Stack overflow

Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a 1 sessionid cookie in a request to the getcookievalue function in response.c, 2 directory name in a request to the adddefaultfile function in response.c, or 3 file name in a request to th...

7.5CVSS8.4AI score0.03454EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2014/06/02 3:0 p.m.47 views

CVE-2012-5391

Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the sessionid...

6.8CVSS6.4AI score0.02251EPSS
Exploits1
exploitpack
exploitpack
added 2011/07/08 12:0 a.m.66 views

phpMyAdmin3 (pma3) - Remote Code Execution

phpMyAdmin3 pma3 - Remote Code Execution !/usr/bin/env python coding=utf-8 pma3 - phpMyAdmin3 remote code execute exploit Author: wofeiwo Thx Superhei Tested on: 3.1.1, 3.2.1, 3.4.3 CVE: CVE-2011-2505, CVE-2011-2506 Date: 2011-07-08 Have fun, DO NOT USE IT TO DO BAD THING. Requirements: 1. "confi...

7.5CVSS6.8AI score0.12879EPSS
Exploits16
Rows per page
Query Builder