239 matches found
EUVD-2022-49309
Malicious code in bioql PyPI...
CVE-2025-59743
SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'SessionID' cookie in '/inc/connect/CONNECTION.ASP'...
CVE-2025-59743 Multiple vulnerabilities in AndSoft's e-TMS
SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'SessionID' cookie in '/inc/connect/CONNECTION.ASP'...
Linux Distros Unpatched Vulnerability : CVE-2018-25052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function loadsessionid of the...
CVE-2024-36697
A cross-site scripting XSS vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SessionID parameter at query.asp...
CVE-2024-36697
A cross-site scripting XSS vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SessionID parameter at query.asp...
CVE-2024-36697
A cross-site scripting XSS vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SessionID parameter at query.asp...
CVE-2024-36697
CVE-2024-36697 describes an XSS in Allworx System Software v9.1.9.12, affecting the Admin Login page via the SessionID parameter in query.asp. No exploitation details are provided in the connected documents. Remediation guidance from PT-2025-29092: apply a fix for Allworx System Software version ...
PHPGurukul Online Notes Sharing System 安全漏洞
PHPGurukul Online Notes Sharing System is an online notes sharing system from PHPGurukul Inc. A security vulnerability exists in version 1.0 of the PHPGurukul Online Notes Sharing System, which stems from a SQL injection due to incorrect manipulation of the sessionid parameter in the File/Dashboa...
PT-2025-28302 · Unknown · Phpgurukul Online Notes Sharing System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Notes Sharing System version 1.0 Description: A critical issue was found in the PHPGurukul Online Notes Sharing System, affecting an unknown part of the file /Dashboard of the component Cookie Handler. The manipulation of th...
CVE-2024-37783
A reflected cross-site scripting XSS vulnerability in Gladinet CentreStack v13.12.9934.54690 allows attackers to inject malicious JavaScript into the web browser of a victim via the sessionId parameter at /portal/ForgotPassword.aspx...
CVE-2024-57052
An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file...
CVE-2023-22620
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface...
CVE-2022-46505
An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data...
CVE-2021-30116
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client...
CVE-2021-20048
A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service DoS and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions...
CVE-2021-25926
In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting XSS due to user input not being validated properly in the quicksearch feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the...
CVE-2013-3586
Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie...
CVE-2024-12580 Logs Debug Injection in danny-avila/librechat
A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, userId, and fileid in the /code/download/:sessionId/:fileId and /download/:userId/:fileid APIs are not validated or filtered, leading to potential log injection...
OESA-2025-1269 pki-core security update
Dogtag PKI is a designed enterprise software system manage enterprise Public Key Infrastructure deployments. Security Fixes: A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=, an...