Lucene search
K

170 matches found

exploitpack
exploitpack
added 2018/08/24 12:0 a.m.27 views

Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)

Vox TG790 ADSL Router - Cross-Site Request Forgery Add Admin Title: Vox TG790 ADSL Router - Cross-Site Request Forgery Add Admin Author: Cakes Exploit Date: 2018-08-01 Vendor: Vox Telecom Link: https://www.vox.co.za/ Firmware Version: 6.2.W.1 CVE: N/A Description Due to improper session managemen...

0.3AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2018/06/14 12:0 a.m.5 views

The vulnerability of SAP Business Objects software for data collection and analysis lies in improper session management, allowing attackers to gain unauthorized access.

The vulnerability of SAP Business Objects software for data collection and analysis is related to improper session management. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access...

7.5CVSS5.5AI score0.01623EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2018/06/04 2:29 p.m.5 views

CVE-2018-11714

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of...

9.8CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2018/06/04 2:29 p.m.22 views

CVE-2018-11714

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of...

10CVSS9.5AI score0.36516EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/06/04 2:0 p.m.24 views

CVE-2018-11714

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of...

9.5AI score0.36516EPSS
Exploits1References2
OSV
OSV
added 2018/04/10 3:29 p.m.5 views

CVE-2018-2409

Improper session management when using SAP Cloud Platform 2.0 Connectivity Service and Cloud Connector. Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform...

8.8CVSS5.8AI score0.01256EPSS
Exploits0References3
NVD
NVD
added 2018/04/10 3:29 p.m.17 views

CVE-2018-2409

Improper session management when using SAP Cloud Platform 2.0 Connectivity Service and Cloud Connector. Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform...

8.8CVSS7.1AI score0.01256EPSS
Exploits0References3
NVD
NVD
added 2018/04/10 3:29 p.m.19 views

CVE-2018-2408

Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active...

7.5CVSS7.2AI score0.01623EPSS
Exploits0References3
Prion
Prion
added 2018/04/10 3:29 p.m.11 views

Input validation

Improper session management when using SAP Cloud Platform 2.0 Connectivity Service and Cloud Connector. Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform...

6.5CVSS8.7AI score0.01256EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2018/04/10 3:0 p.m.42 views

CVE-2018-2409

The CVE-2018-2409 issue affects SAP Cloud Platform 2.0 components (Connectivity Service and Cloud Connector). The root cause is improper session management, which can allow data from another user to be shown or modified when applications built on SAP Cloud Platform are used. In practice, this lea...

8.8CVSS8.7AI score0.01256EPSS
Exploits0References3Affected Software1
exploitpack
exploitpack
added 2018/04/06 12:0 a.m.56 views

FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass

FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass Exploit Title: FiberHome VDSL2 Modem HG 150-UB Authentication Bypass Date: 04/03/2018 Exploit Author: Noman Riffat Vendor Homepage: http://www.fiberhome.com/ CVE : CVE-2018-9248, CVE-2018-9248 The vulnerability exists in plain text & hard...

7.5CVSS0.7AI score0.15255EPSS
Exploits2
Exploit DB
Exploit DB
added 2018/04/06 12:0 a.m.66 views

FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass

Exploit Title: FiberHome VDSL2 Modem HG 150-UB Authentication Bypass Date: 04/03/2018 Exploit Author: Noman Riffat Vendor Homepage: http://www.fiberhome.com/ CVE : CVE-2018-9248, CVE-2018-9248 The vulnerability exists in plain text & hard coded cookie. Using any cookie manager extension, an...

9.8CVSS9.7AI score0.15255EPSS
Exploits2
Packet Storm
Packet Storm
added 2018/03/26 12:0 a.m.32 views

ClipBucket beats_uploader Unauthenticated Arbitrary File Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ClipBucket beatsuploader Unauthenticated Arbitrary File Upload", 'Description' = %q This module exploits a vulnerability found in ClipBucket...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/03/23 12:0 a.m.41 views

ClipBucket - beats_uploader Unauthenticated Arbitrary File Upload Exploit

Exploit for php platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ClipBucket beatsuploader Unauthenticated Arbitrary File Upload", 'Description' = %q This...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2017/10/18 12:0 a.m.50 views

Linksys E Series - Multiple Vulnerabilities

Linksys E Series - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Linksys E series, see "Vulnerable / tested versions" vulnerable version: see "Vulnerable /...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2017/08/28 12:59 a.m.34 views

GSA Bounty: Improper Session management can cause account takeover[https://micropurchase.18f.gov]

Hello, I would like to report a vulnerability on https://micropurchase.18f.gov where I am able to reuse session cookie of a test user account i accessed through Github. The problem is that the cookies stored on the browser are not getting expired after logging out from the platform and from Githu...

6.8AI score
Exploits0
Prion
Prion
added 2017/05/08 8:29 p.m.17 views

Design/Logic Flaw

Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file...

4.3CVSS4.2AI score0.00985EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/05/08 8:29 p.m.23 views

CVE-2017-0892

Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file...

4.3CVSS3.9AI score0.00985EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2017/05/08 12:0 a.m.6 views

PT-2017-10693 · Nextcloud · Nextcloud Server

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 11.0.3 Description: The issue is related to improper session handling, which allows an application-specific password to access user files without permission. This affects the security of file access for user...

4.3CVSS3.9AI score0.00985EPSS
Exploits0References6
Nextcloud
Nextcloud
added 2017/05/08 12:0 a.m.31 views

Limitation of app specific password scope can be bypassed (NC-SA-2017-009)

Improper session handling allowed an application specific password without permission to the files access to the users file...

4.3CVSS2.5AI score0.00985EPSS
Exploits0Affected Software1
Rows per page
Query Builder