183 matches found
CA 2E Web Option session spoofing
Predictable session token...
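CA 2E Web Option 8.1.2 Authentication Bypass Vulnerability
CVE (CAN) ID: CVE-2014-1219 CA 2E Web Option is a web interface development tool for CA 2E applications. CA 2E Web Option r8.1.2 generates session tokens in a predictable way, an implementation flaw that allows remote attackers to bypass the authentication mechanism. CA 2E Web Option 8.1.2 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.ca.com/us//media/files/productbriefs/cs3003-ca-2e-web-option.aspx Vulnerability title:...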
CA 2E Web Option 8.1.2 - Authentication Bypass Vulnerability
Exploit for multiple platform in category web applications Details: CA 2E Web Option r8.1.2 and potentially others, is vulnerable to unauthenticated privilege escalation via a predictable session token. The POST parameter session token W2ESSNID appears as follows:...
CA 2E Web Option 8.1.2 - Authentication Bypass
Vulnerability title: Unauthenticated Privilege Escalation in CA 2E Web Option CVE: CVE-2014-1219 Vendor: CA Product: 2E Web Option Affected version: 8.1.2 Fixed version: N/A Reported by: Mike Emery Details: CA 2E Web Option r8.1.2 and potentially others, is vulnerable to unauthenticated privilege...
CVE-2013-4732
The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU662676...
CVE-2013-4732
CVE-2013-4732 affects Digital Alert Systems DASDEC EAS device (versions 2.0-2) and Monroe Electronics R189 One-Net EAS device (versions 2.0-2). The issue is predictable session ID values in the administrative web server, enabling potential session hijacking by sniffing the network. Public documen...
Digital Alert Systems DASDEC and Monroe Electronics R189 One-Net firmware exposes private root SSH key
Overview Digital Alert Systems DASDEC and Monroe Electronics One-Net E189 Emergency Alert System EAS devices exposed a shared private root SSH key in publicly available firmware images. An attacker with SSH access to a device could use the key to log in with root privileges. Description The Digit...
CVE-2012-6571
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a...
Alt-N MDaemon WorldClient 13.0.3 - Multiple Vulnerabilities
Exploit for windows platform in category web applications ====================================================================== Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability ====================================================================== VULNERABILITY DESCRIPTION:...
Alt-N MDaemon WorldClient 13.0.3 - Multiple Vulnerabilities
Alt-N MDaemon WorldClient 13.0.3 - Multiple Vulnerabilities ====================================================================== Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability ====================================================================== Software: Alt-N MDaemon v13.0....
Alt-N MDaemon WorldClient 13.0.3 - Multiple Vulnerabilities
====================================================================== Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability ====================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type:...
CVE-2011-0887
The web management portal on the SMC SMCD3G-CCR aka Comcast Business Gateway with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie...
Design/Logic Flaw
The web management portal on the SMC SMCD3G-CCR aka Comcast Business Gateway with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie...
CVE-2011-0887
The CVE-2011-0887 entry refers to the Comcast DOCSIS 3.0 Business Gateway (SMCD3G-CCR) web management portal. Affected firmware prior to 1.4.0.49.2 uses a predictable session ID (“userid” cookie) derived from epoch time, enabling brute-forcing to hijack active sessions. Trustwave’s SpiderLabs adv...
CVE-2010-4304
The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) uses...
Command injection
The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) uses...
CVE-2010-4304
The CVE affects Cisco Unified Videoconferencing (UVC) System components: 3545, 5110, 5115, 5230; 3527 PRI Gateway; 3522 BRI Gateway; and 3515 MCU. Root cause is predictable session IDs based on time values, enabling remote attackers to hijack sessions through brute-force. No exploit details are p...