Searching phpsessid software vulnerabilities

Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.


CRLF injection vulnerability in calendar.php in

vulnerability | calendarphp | DCP-Portal | injection | CRLF |

CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter.


CubeCart 2.0.6 allows remote attackers to obtai

CubeCart |

CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message.


Helpdesk Software Hesk allows remote attackers

authentication | attackers | Helpdesk | Software | bypass | allows | remote | Hesk |

Helpdesk Software Hesk allows remote attackers to bypass authentication for (1) admin.php and (2) admin_main.php by modifying the PHPSESSID session ID parameter or cookie.


SQL injection vulnerability in link.php in Arab

vulnerability | attackers | arbitrary | injection | commands | execute | linkphp | remote | allows | Portal | System | Arab | Beta | via | SQL |

SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 allows remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID (session ID) or (2) REQUEST_URI (query string).


Cross-site scripting (XSS) vulnerability in cha

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in chat.php in PHP Live Helper allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter.


Cross-site scripting (XSS) vulnerability in ind

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in index.html in IceWarp WebMail 5.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter.


Multiple SQL injection vulnerabilities in APBoa

vulnerabilities | arbitrary | injection | attackers | commands | Multiple | execute | earlier | APBoard | remote | 22-r3 | allow | via | SQL |

Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID parameter in board.php and (2) viewcatmod parameter in main.php.


PHP before 4.4.3 and 5.x before 5.1.4 does not

before | PHP |

PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session file. NOTE: it could be argued that this not a vulnerability in PHP itself, rather a design limitation that enables certain attacks against session handlers that do not account for this limitation.


Photostand 1.2.0 allows remote attackers to obt

Photostand |

Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages.


Session fixation vulnerability in onelook obo S

vulnerability | PHPSESSID | attackers | fixation | sessions | setting | Session | onelook | cookie | hijack | allows | remote | Shop | obo | web |

Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.


Session fixation vulnerability in onelook oneby

vulnerability | PHPSESSID | attackers | sessions | onebyone | fixation | Session | setting | onelook | cookie | remote | allows | hijack | CMS | web |

Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.


Session fixation vulnerability in onelook court

vulnerability | PHPSESSID | attackers | sessions | fixation | setting | Session | on-line | onelook | cookie | allows | courts | remote | hijack | web |

Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.


Session fixation vulnerability in eXV2 CMS 2.0.

vulnerability | fixation | Session | eXV2 | CMS |

Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.


Session fixation vulnerability in Plogger allow

vulnerability | attackers | parameter | PHPSESSID | sessions | fixation | Session | setting | Plogger | allows | remote | hijack | web |

Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.


Session fixation vulnerability in Simple Machin

vulnerability | Machines | fixation | Session | Simple | Forum |

Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.


Session fixation vulnerability in chameleon cms

vulnerability | parameter | attackers | PHPSESSID | chameleon | sessions | fixation | earlier | Session | setting | remote | allows | hijack | cms | web |

Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.


Session fixation vulnerability in Calimero.CMS

vulnerability | CalimeroCMS | fixation | Session |

Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.


Session fixation vulnerability in bwired allows

vulnerability | attackers | parameter | PHPSESSID | sessions | fixation | Session | setting | remote | allows | hijack | bwired | web |

Session fixation vulnerability in bwired allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.


Session fixation vulnerability in Virtual Hosti

vulnerability | fixation | Hosting | Control | Session | Virtual | System |

Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.


Software vulnerabilities results 1 to 20 of 28     
Page: 12