Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sid vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-15602
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.
Gnu Libextractor 1.4
10
CVSSv2
CVE-2008-0960
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x prior to 5.2.4.1, 5.3.x prior to 5.3.2.1, and 5.4.x prior to 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 up to and including 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3R...
Juniper Session And Resource Control 1.0
Juniper Session And Resource Control 2.0
Juniper Src Pe 1.0
Juniper Src Pe 2.0
1 EDB exploit
4.3
CVSSv2
CVE-2017-15922
In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.
Gnu Libextractor 1.4
NA
CVE-2024-25314
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2.
Hotel Management System Project Hotel Management System 1.0
10
CVSSv2
CVE-2020-29659
A buffer overflow in the web server of Flexense DupScout Enterprise 10.0.18 allows a remote anonymous malicious user to execute code as SYSTEM by overflowing the sid parameter via a GET /settings&sid= attack.
Flexense Dupscout 10.0.18
5
CVSSv2
CVE-2000-1200
Windows NT allows remote malicious users to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.
Microsoft Windows Nt 4.0
5
CVSSv2
CVE-2005-4731
The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote malicious users to obtain the SID via an HTTP Referer field and possibly other vectors.
The Php Group Pear Html Quickform Controller 1.0.4
5
CVSSv2
CVE-2005-2380
Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 allow remote malicious users to inject arbitrary web script or HTML via the (1) sid, (2) start, and (3) id parameters to browse.php, or the sid parameter to (4) dataentry.php or (5) export.php.
Php Surveyor Php Surveyor 0.98
6.5
CVSSv2
CVE-2021-27771
User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal matter with the Sametime chat application, users hold a cookie containing their session ID (SID). This value is also used when sendi...
Hcltech Sametime 11.6
NA
CVE-2024-0454
ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity. Version which is lower than 3.0.1201...
Emc Elan Match-on-chip Fpr Solution Firmware 3.0.12011.08009
Emc Elan Match-on-chip Fpr Solution Firmware 3.3.12011.08103
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »