47 matches found

NVD
added 2024/06/19 9:15 p.m. · 32 views

CVE-2024-36679

In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <= 8.4.0, a guest can perform PHP code injection. Because of a predictable token, the method Lcp::saveTranslations suffers from an arbitrary write that can inject PHP code into a PHP file...

CVSS 10 · EPSS 0.00606
Exploits 0 · References 1
Cvelist
added 2024/06/19 12:00 a.m. · 28 views

CVE-2024-36679

In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <= 8.4.0, a guest can perform PHP code injection. Because of a predictable token, the method Lcp::saveTranslations suffers from an arbitrary write that can inject PHP code into a PHP file...

EPSS 0.00606
Exploits 0 · References 1
Vulnrichment
added 2024/06/19 12:00 a.m. · 13 views

CVE-2024-36679

In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <= 8.4.0, a guest can perform PHP code injection. Because of a predictable token, the method Lcp::saveTranslations suffers from an arbitrary write that can inject PHP code into a PHP file...

AI score 7.5 · EPSS 0.00606
Exploits 0 · References 1
Positive Technologies
added 2024/06/19 12:00 a.m. · 2 views

PT-2024-27122 · Unknown · Module Live Chat Pro

Name of the vulnerable software and affected versions: Module Live Chat Pro (All in One Messaging), versions prior to 8.4.0. Description: the issue allows a guest to perform PHP code injection due to a predictable token. The method Lcp::saveTranslations is vulnerable, enabling the injection of PHP co...

CVSS 10 · AI score 7.8 · EPSS 0.00606
Exploits 0 · References 2
CVE
added 2024/06/19 12:00 a.m. · 46 views

CVE-2024-36679

CVE-2024-36679 affects Module Live Chat Pro (All in One Messaging) for PrestaShop, versions

CVSS 10 · AI score 7.6 · EPSS 0.00606
Exploits 0 · References 1
OSV
added 2024/02/06 10:16 p.m. · 4 views

CVE-2023-38579

The cross-site request forgery token in the request may be predictable or easily guessable, allowing attackers to craft a malicious request which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally...

CVSS 8.8 · AI score 5.7 · EPSS 0.00232
Exploits 0 · References 1
NVD
added 2024/02/06 10:16 p.m. · 16 views

CVE-2023-38579

The cross-site request forgery token in the request may be predictable or easily guessable, allowing attackers to craft a malicious request which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally...

CVSS 8.8 · AI score 8.2 · EPSS 0.00232
Exploits 0 · References 1
Vulnrichment
added 2024/02/06 9:16 p.m. · 13 views

CVE-2023-38579 Westermo Lynx 206-F2G Cross-Site Request Forgery

The cross-site request forgery token in the request may be predictable or easily guessable, allowing attackers to craft a malicious request which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally...

CVSS 8 · AI score 6.7 · EPSS 0.00232
Exploits 0 · References 1
Cvelist
added 2024/02/06 9:16 p.m. · 21 views

CVE-2023-38579 Westermo Lynx 206-F2G Cross-Site Request Forgery

The cross-site request forgery token in the request may be predictable or easily guessable, allowing attackers to craft a malicious request which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally...

CVSS 8 · AI score 8.8 · EPSS 0.00232
Exploits 0 · References 1
Github Security Blog
added 2023/01/25 7:31 p.m. · 78 views

Rancher cattle-token is predictable

Impact: An issue was discovered in Rancher versions up to and including 2.6.9 and 2.7.0, where the cattle-token secret, used by the cattle-cluster-agent, is predictable. Even after the token is regenerated, it will have the same value. This issue is not present in Rancher 2.5 releases. The...

CVSS 9.8 · AI score 8.6 · EPSS 0.0172
Exploits 0 · References 4 · Affected Software 1
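Two of the failure modes in this list are cheap to test black-box: a token that is "predictable or easily guessable" (the Westermo CSRF entries above) and a token that comes back with the same value after regeneration (the Rancher cattle-token entry). The checks below are an added example, not code from any of the listed projects or advisories; the token samples are constructed here, and the entropy threshold and round count are illustrative assumptions.

```python
"""Black-box sanity checks for a guessable token, run over a sample of issued values.

Added example. Three checks a tester would run on captured tokens:
  1. regeneration yields a new value (the Rancher cattle-token failure mode);
  2. the sample is not a run of increasing integers (counter or Unix timestamp);
  3. crude per-character Shannon entropy is not far below the alphabet maximum
     (hex tops out at 4 bits/char, base64 at 6 bits/char; 3.0 is an assumed floor).
"""
import hashlib
import math
import secrets
from collections import Counter

# Constructed samples, not captured from any product.
SEQUENTIAL_SAMPLE = ["1707254160", "1707254161", "1707254162", "1707254163"]
RANDOM_SAMPLE = [hashlib.sha256(bytes([i])).hexdigest() for i in range(4)]  # stand-in for CSPRNG output
ENTROPY_FLOOR_BITS = 3.0  # assumed threshold for a hex/base64 token


def regeneration_changes(issue, rounds: int = 3) -> bool:
    """issue() models the 'regenerate token' action; True if every call returns a new value."""
    seen = {issue() for _ in range(rounds)}
    return len(seen) == rounds


def looks_sequential(tokens) -> bool:
    """True if every token parses as an integer and the sequence is strictly increasing."""
    try:
        values = [int(t, 16) if t.startswith("0x") else int(t) for t in tokens]
    except ValueError:
        return False
    return len(values) > 1 and all(b > a for a, b in zip(values, values[1:]))


def shannon_bits_per_char(tokens) -> float:
    """Empirical Shannon entropy of the pooled characters, in bits per character."""
    counts = Counter("".join(tokens))
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def assess(tokens, regenerate=None):
    """Return a list of human-readable findings; empty means nothing obvious is wrong."""
    findings = []
    if len(set(tokens)) != len(tokens):
        findings.append("repeated token values")
    if looks_sequential(tokens):
        findings.append("tokens are increasing integers (counter or timestamp)")
    if shannon_bits_per_char(tokens) < ENTROPY_FLOOR_BITS:
        findings.append("low per-character entropy")
    if regenerate is not None and not regeneration_changes(regenerate):
        findings.append("regeneration returns the same value")
    return findings


def demo():
    """Run the checks over both constructed samples and a stuck regenerate action."""
    stuck = lambda: "cattle-token-that-never-changes"          # models the Rancher bug
    fresh = lambda: secrets.token_urlsafe(32)                   # what regeneration should do
    return {
        "sequential": assess(SEQUENTIAL_SAMPLE, regenerate=stuck),
        "random": assess(RANDOM_SAMPLE, regenerate=fresh),
    }


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "no findings")
```

These are screening checks only: a token can pass all three and still be predictable (for example, the output of a Mersenne Twister seeded from the clock has full-looking entropy), so a clean result is not evidence of a CSPRNG.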
Metasploit
added 2022/12/14 7:51 p.m. · 226 views

Syncovery For Linux Web-GUI Session Token Brute-Forcer

This module attempts to brute-force a valid session token for the Syncovery File Sync & Backup Software Web-GUI by generating every possible token for each second between 'DateTime.now' and the given number of days back. By default (DAYS = 1) today and yesterday are checked. If a valid session token is...

CVSS 9.8 · AI score 8.4 · EPSS 0.05145
Exploits 3
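The search that the Metasploit module above describes, written out as an added example in Python rather than the module's own Ruby. The token derivation used here (SHA-256 over a "session:" prefix and the Unix second, truncated to 16 hex characters) is an assumption for illustration and not Syncovery's real format; the attack only needs the token to be a pure function of the clock. The `is_valid` callback stands in for the per-candidate HTTP request the module makes.

```python
"""Brute-force a session token that is derived from a second-resolution timestamp.

Added example, not the Metasploit module's code. Assumed (hypothetical) scheme:
    token = sha256("session:" + unix_seconds)[:16]
With one candidate per second, a DAYS=1 window is only 86,401 tokens.
"""
import hashlib
from datetime import datetime, timedelta, timezone

SECONDS_PER_DAY = 86400


def derive_token(ts: int) -> str:
    """Weak server-side derivation: depends only on the clock (assumed scheme)."""
    return hashlib.sha256(f"session:{ts}".encode()).hexdigest()[:16]


def candidate_seconds(now_epoch: int, days: int):
    """Yield every second from now_epoch back to now_epoch - days, newest first."""
    for delta in range(days * SECONDS_PER_DAY + 1):
        yield now_epoch - delta


def brute_force_token(is_valid, now_epoch: int, days: int = 1):
    """Return (token, seconds_ago) for the first candidate is_valid() accepts, else None.

    is_valid models the oracle (for the real module, an HTTP request with the
    candidate token; here, any callable returning True for a live token).
    """
    for ts in candidate_seconds(now_epoch, days):
        tok = derive_token(ts)
        if is_valid(tok):
            return tok, now_epoch - ts
    return None


def demo():
    """Constructed scenario: a session created 3 h 17 s before 'now' is recovered."""
    now = datetime(2022, 12, 14, 19, 51, tzinfo=timezone.utc)
    created = now - timedelta(hours=3, seconds=17)
    live_token = derive_token(int(created.timestamp()))
    oracle = lambda tok: tok == live_token   # stand-in for the server's session check
    return brute_force_token(oracle, int(now.timestamp()), days=1)


if __name__ == "__main__":
    print(demo())   # (token, 10817): found 10817 seconds back into the window
```

The defence is not a bigger window: any derivation from a low-entropy input such as the clock is enumerable. Session tokens need a CSPRNG (`secrets.token_urlsafe` in Python) and the server should rate-limit or alert on bursts of failed session checks, which is exactly the traffic this search produces.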
NVD
added 2022/08/02 10:15 p.m. · 10 views

CVE-2022-29808

In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled...

CVSS 7.5 · EPSS 0.00603
Exploits 0 · References 2
CVE
added 2022/08/02 9:35 p.m. · 72 views

CVE-2022-29808

CVE-2022-29808 affects Quest KACE Systems Management Appliance (SMA) up to and including 12.0, where enabling appliance linking leads to predictable token generation. This is the root cause described in the connected records, which give the affected range as SMA through 12.0; the fix therefore lies in a release after 12.0. The ...

CVSS 7.5 · AI score 7.5 · EPSS 0.00603
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2022/08/02 12:00 a.m. · 3 views

Quest KACE Systems Management Appliance security feature issue vulnerability

Quest KACE Systems Management Appliance (Quest KACE SMA) is an automated, simplified IT systems management platform from Quest. A security vulnerability exists in Quest KACE SMA version 12.0 and earlier, stemming from a predictable token...

CVSS 7.5 · AI score 7.3 · EPSS 0.00603
Exploits 0 · References 3
Prion
added 2022/07/06 11:15 a.m. · 26 views

Cross-site request forgery (CSRF)

An authenticated user can create a link with reflected JavaScript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict...

CVSS 3.5 · AI score 5.5 · EPSS 0.00593
Exploits 0 · References 2 · Affected Software 1
Debian CVE
added 2022/07/06 11:05 a.m. · 41 views

CVE-2022-35229

An authenticated user can create a link with reflected JavaScript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict...

CVSS 5.4 · AI score 3.8 · EPSS 0.00602
Exploits 0
Huntr
added 2021/07/29 7:50 a.m. · 14 views

in yiisoft/yii2

✍️ Description: Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context. In this case the function that generates weak random numbers is mt_rand() in CaptchaAction.php at line 217. 🕵️‍♂️ Proof of Concept: <?php...

CVSS 5 · AI score 5.6 · EPSS 0.017
Exploits 1 · References 3
Cvelist
added 2021/05/17 12:00 a.m. · 12 views

CVE-2021-29023

InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset, and the reset token is generated using a weak mechanism that is predictable...

AI score 5.8 · EPSS 0.00844
Exploits 1 · References 2
Code423n4
added 2021/04/30 12:00 a.m. · 6 views

randomIndex is not truly random - possibility of predictably minting a specific token Id

Handle @GalloDaSballo. Vulnerability details. Impact: randomIndex is not random. Any miner has access to these values:
uint index = uint(keccak256(abi.encodePacked(nonce, msg.sender, block.difficulty, block.timestamp))) % totalSize;
Non miner attackers...

AI score 7
Exploits 0
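The expression in the Code423n4 finding above hashes only values that either a block producer sets (block.timestamp, within the protocol's allowed drift) or the caller chooses (msg.sender, by using fresh addresses), so either party can search for inputs that land on a chosen index. The simulation below is an added example, not the submission's code or the audited contract's: `hashlib.sha3_256` stands in for Solidity's keccak256 (same Keccak sponge, different padding byte, so the search logic is identical), `abi.encodePacked` is modelled as fixed-width big-endian concatenation assuming `nonce` and `block.difficulty` are `uint256`, and the drift and try counts are illustrative.

```python
"""Grinding a 'random' index that is a hash of miner- or caller-controlled inputs.

Added example mirroring
    uint index = uint(keccak256(abi.encodePacked(nonce, msg.sender,
                      block.difficulty, block.timestamp))) % totalSize;
sha3_256 stands in for keccak256 (assumption); nonce/difficulty assumed uint256.
"""
import hashlib

TOTAL_SIZE = 10_000  # illustrative collection size


def encode_packed(nonce: int, sender: bytes, difficulty: int, timestamp: int) -> bytes:
    """Model of abi.encodePacked: uint256 | address(20 bytes) | uint256 | uint256."""
    assert len(sender) == 20, "address must be 20 bytes"
    return (nonce.to_bytes(32, "big") + sender
            + difficulty.to_bytes(32, "big") + timestamp.to_bytes(32, "big"))


def random_index(nonce: int, sender: bytes, difficulty: int, timestamp: int,
                 total_size: int = TOTAL_SIZE) -> int:
    """The contract's 'random' index, reproducible by anyone who knows the inputs."""
    digest = hashlib.sha3_256(encode_packed(nonce, sender, difficulty, timestamp)).digest()
    return int.from_bytes(digest, "big") % total_size


def miner_grind_timestamp(target: int, nonce: int, sender: bytes, difficulty: int,
                          base_ts: int, max_drift: int = 900,
                          total_size: int = TOTAL_SIZE):
    """A block producer picks block.timestamp within the tolerated drift; search it."""
    for ts in range(base_ts, base_ts + max_drift + 1):
        if random_index(nonce, sender, difficulty, ts, total_size) == target:
            return ts
    return None


def user_grind_sender(target: int, nonce: int, difficulty: int, timestamp: int,
                      tries: int = 1_000_000, total_size: int = TOTAL_SIZE):
    """A non-miner who can predict the block's difficulty/timestamp tries fresh addresses.

    Addresses are derived deterministically here (hash of a counter) so the run is
    reproducible; in practice these would be freshly generated accounts or contracts.
    """
    for i in range(tries):
        sender = hashlib.sha3_256(i.to_bytes(4, "big")).digest()[-20:]
        if random_index(nonce, sender, difficulty, timestamp, total_size) == target:
            return sender
    return None


if __name__ == "__main__":
    zero_addr = bytes(20)
    ts = miner_grind_timestamp(42, nonce=1, sender=zero_addr, difficulty=123456,
                               base_ts=1_619_740_800)
    print("miner timestamp for index 42:", ts)
    addr = user_grind_sender(42, nonce=1, difficulty=123456, timestamp=1_619_740_800)
    print("caller address for index 42:", addr.hex() if addr else None)
```

With a 900-second drift a miner has roughly 900/totalSize odds per block of hitting any specific index, and a caller who routes the mint through a contract can simply recompute the index in the same transaction and revert when it is unfavourable, paying only gas for failed attempts. The fix is an input no participant controls at decision time, such as a commit-reveal scheme or a verifiable randomness oracle.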
OSV
added 2019/05/09 6:29 p.m. · 20 views

PYSEC-2019-185

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...

CVSS 7.5 · AI score 3 · EPSS 0.0178
Exploits 0 · References 2
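The yii2 captcha (mt_rand()), InvoicePlane password-reset and Sydent/Synapse entries above share one root cause: a general-purpose PRNG used where an unpredictable secret is needed. PHP's mt_rand() and Python's `random` module are both MT19937, so the weak generator can be shown natively in Python. The code below is an added example and not code from any of those projects; the seed choice (the Unix second of the reset request), the token length, the 15-minute TTL and the five-attempt cap are illustrative assumptions. The hardened class also addresses the missing rate-limiting noted for InvoicePlane.

```python
"""Predictable reset tokens from a seeded Mersenne Twister, beside a hardened flow.

Added example. The weak generator mirrors the advisories' pattern: a non-cryptographic
PRNG (MT19937 in both PHP mt_rand() and Python random) seeded from a value the attacker
can learn, here the request's Unix second (assumption for illustration).
"""
import hashlib
import hmac
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


def weak_reset_token(seed: int, length: int = 32) -> str:
    """Weak: fully determined by the seed, so 'random-looking' but reproducible."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def attacker_reproduce(request_epoch: int, length: int = 32) -> str:
    """Anyone who learns the request second (Date header, timing) gets the same token."""
    return weak_reset_token(request_epoch, length)


class ResetTokenStore:
    """Hardened: CSPRNG token, hash-only storage, expiry, single use, attempt cap."""

    def __init__(self, ttl_seconds: int = 900, max_attempts: int = 5):
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self._records = {}  # user -> (sha256(token), expires_at, failed_attempts)

    def issue(self, user: str, now: float) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).digest()
        self._records[user] = (digest, now + self.ttl, 0)
        return token  # delivered to the user once; only the hash is retained

    def redeem(self, user: str, presented: str, now: float) -> bool:
        rec = self._records.get(user)
        if rec is None:
            return False
        token_hash, expires_at, attempts = rec
        if now > expires_at or attempts >= self.max_attempts:
            del self._records[user]  # expired or locked out: burn the token
            return False
        ok = hmac.compare_digest(hashlib.sha256(presented.encode()).digest(), token_hash)
        if ok:
            del self._records[user]  # single use
        else:
            self._records[user] = (token_hash, expires_at, attempts + 1)
        return ok


if __name__ == "__main__":
    req_time = 1621209600  # constructed: the second the victim requested a reset
    print("server issued :", weak_reset_token(req_time))
    print("attacker guess:", attacker_reproduce(req_time))
    store = ResetTokenStore()
    tok = store.issue("alice", now=1000.0)
    print("hardened redeem once:", store.redeem("alice", tok, now=1001.0),
          "twice:", store.redeem("alice", tok, now=1002.0))
```

Seeding the same PRNG from `os.urandom` does not rescue the weak version either: MT19937's state is recoverable from 624 consecutive 32-bit outputs, so any generator whose outputs are exposed elsewhere in the application must be a CSPRNG (`secrets`, `random.SystemRandom`, PHP `random_bytes()`).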