116 matches found
Tenda N300 Authorization Issue Vulnerability
The Tenda N300 is a router from China-based Tenda. The Tenda N300 suffers from an authorization issue vulnerability that stems from the use of login credentials as a session ID, which could allow a remote attacker to hijack an authenticated session by intercepting network traffic and capturing th...
PT-2026-2150
Name of the Vulnerable Software and Affected Versions: Tenda 300Mbps Wireless Router F3 Tenda N300 Easy Setup Router Description: The routers are susceptible to a flaw stemming from the use of login credentials as the session ID via the web-based administrative interface. A remote attacker could...
CVE-2013-6347
Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors...
EUVD-2001-0722
Malware in sbrugna...
EUVD-2021-23740
Malware in sbrugna...
Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits
Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if left unaddressed, could allow attackers to hijack control of susceptible devices. "The flaws, affecting the device's ONVIF protocol and file upload handlers, allow...
Exploit for CVE-2025-51864
CVE-2025-51864 Vulnerability description AIBOX is a web...
The vulnerability of the aiohttp HTTP client, related to deficiencies in HTTP request processing, allows attackers to execute the “HTTP request hijacking” attack.
The vulnerability of the aiohttp HTTP client is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to execute an “HTTP request hijacking” attack...
ROS-20240816-10
A vulnerability in the PHP programming language interpreter is related to the erroneous handling of cookies due to the replacement of spaces, dots, and open square brackets with underscores. Exploitation...
DLink DIR < 2.17.b02 (SAP10018)
The version of DLink DIR installed on the remote host is prior to 2.17.b02. It is, therefore, affected by a vulnerability as referenced in the SAP10018 advisory. - Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router rev. Bx with firmware before 2.17b02 allow remote...
The vulnerability of Eclipse Jetty servlet containers, related to errors in processing input data length parameters, allows attackers to execute “HTTP request hijacking” attacks.
The vulnerability of Eclipse Jetty servlet containers is related to errors in processing parameter values related to input data length. Exploiting this vulnerability can allow a malicious actor to carry out an “HTTP request hijacking” attack remotely...
The vulnerability of the TCP/IP protocol implementation in Windows operating systems allows attackers to carry out TCP/IP hijacking attacks.
The vulnerability of the TCP/IP protocol implementation in Windows operating systems is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to carry out a TCP/IP hijacking attack remotely...
CVE-2023-23482
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch...
PT-2023-3518 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows versions prior to 8 Description: The issue is related to a flaw in the TCP/IP protocol implementation in Windows operating systems, specifically concerning authentication procedure weaknesses. This can be exploited by a remote attacke...
SUSE CVE-2013-1399
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2022-22503
IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks agains...
CVE-2021-29865
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch...
GHSA-3VHR-F5XR-8VPX Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method...
CVE-2021-46708
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...
Design/Logic Flaw
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...