CVE-2026-22903

An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections...

CVE-2026-22903

Affects lighttpd-based server variants (modified lighttpd) where an unauthenticated remote attacker can send a crafted HTTP request with an overly long SESSIONID cookie. The underlying issue is a stack buffer overflow, triggered by the oversized cookie, leading to server crashes and potentially r...

AndSoft e-TMS SQL Injection Vulnerability

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the SessionID cookie parameter in file /inc/connect/CONNECTION.ASP. An attacker can us...

EUVD-2013-3520

Malware in sbrugna...

EUVD-2002-1047

Malware in sbrugna...

EUVD-2023-54194

Malicious code in bioql PyPI...

CVE-2025-59743

SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'SessionID' cookie in '/inc/connect/CONNECTION.ASP'...

CVE-2025-59743 Multiple vulnerabilities in AndSoft's e-TMS

SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'SessionID' cookie in '/inc/connect/CONNECTION.ASP'...

CVE-2013-3586

Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie...

CVE-2023-45600

A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the session cookie “sessionid” lasting two weeks, facilitates session hijacking attacks against victims. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

CVE-2023-4329

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute...

Default configuration

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute...

CVE-2023-4329 Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute...

CVE-2023-4329 Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute...

GHSA-W7H9-8WR4-HWQH OpenStack Horizon Session Fixation

Session fixation vulnerability in OpenStack Dashboard Horizon folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie...

CVE-2021-30117

The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description --- Given the following request: GET /InstallTab/exportFldr.asp?fldrId=1’ HTTP/1.1 Host: 192.168.1.194 User-Agent: Mozilla/5.0 Macintosh;...

Authentication flaw

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client...

CVE-2021-30116 Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client...

CVE-2021-30116

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client...

WatchGuard Firewall XTM 11.7.4u1 - Remote Buffer Overflow

No description provided by source. !/usr/bin/perl -w Exploit Title: WatchGuard Firewall XTM version 11.7.4u1 - Remote buffer overflow exploit sessionid cookie Date: Oct 18 2013 Exploit Author: [email protected] a.k.a. [email protected] Vendor Homepage: http://www.watchguard.com Version: =...