Lucene search
K

897 matches found

Prion
Prion
added 2018/01/31 8:29 p.m.22 views

Design/Logic Flaw

Highly predictable session tokens in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt allow gaining administrative router access...

7.6CVSS8.2AI score0.02169EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2018/01/31 8:29 p.m.17 views

CVE-2017-15654

Highly predictable session tokens in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt allow gaining administrative router access...

8.3CVSS8.3AI score0.02169EPSS
Exploits2References2
Cvelist
Cvelist
added 2018/01/31 8:0 p.m.24 views

CVE-2017-15654

Highly predictable session tokens in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt allow gaining administrative router access...

8.3AI score0.02169EPSS
Exploits2References2
CVE
CVE
added 2018/01/31 8:0 p.m.57 views

CVE-2017-15654

CVE-2017-15654 affects AsusWRT's HTTPd in Asus routers (versions up to 3.0.0.4.380.7743). The vulnerability stems from highly predictable session tokens generated by reseeding the RNG with time(), enabling an attacker to infer or guess a valid administrator session and gain router admin access. C...

8.3CVSS8.2AI score0.02169EPSS
Exploits2References2Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2018/01/25 12:0 a.m.514 views

Hewlett Packard Enterprise Intelligent Management Center operatorOnlineList_contentOnly Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...

5CVSS7.2AI score0.05356EPSS
Exploits0References1
seebug.org
seebug.org
added 2018/01/17 12:0 a.m.69 views

Multiple vulnerabilities in all versions of ASUS routers

1 ASUSWRT 3.0.0.4.376 - multiple vulnerabilities in httpd server all versions of AsusWRT at the time of report to vendor, for previous 376 version see next section 1. Highly predictable session tokens The session token is generated for an authenticated user using stdlib rand function. The token...

9.7AI score0.03149EPSS
Exploits4
OSV
OSV
added 2017/12/20 10:29 p.m.4 views

CVE-2017-5263

Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones...

8CVSS5.8AI score0.003EPSS
Exploits0References1
NVD
NVD
added 2017/12/20 10:29 p.m.15 views

CVE-2017-5263

Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones...

8CVSS8AI score0.003EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/12/20 10:0 p.m.18 views

CVE-2017-5263

Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones...

8AI score0.003EPSS
Exploits0References1
Veracode
Veracode
added 2017/12/06 11:56 a.m.7 views

Cross-site Request Forgery (CSRF)

TeamPass is vulnerable to cross-site request forgery CSRF attacks. The library does not generate session tokens for users, meaning a user can pass a malicious request as another user...

6.6AI score
Exploits0
seebug.org
seebug.org
added 2017/09/19 12:0 a.m.51 views

Moxa AWK-3131A Web Application Multiple Reflected Cross-Site Scripting Vulnerabilities(CVE-2016-8719)

Summary An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim. Tested Versions...

4.3CVSS5.9AI score0.00823EPSS
Exploits2
BDU FSTEC
BDU FSTEC
added 2017/08/25 12:0 a.m.11 views

The vulnerability of the built-in software in Business NAS allows a perpetrator to execute arbitrary code.

The vulnerability of the built-in software in Business NAS arises from the use of cryptographic algorithms that contain defects or risks. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands with root privileges, using a static encryption key t...

10CVSS8.1AI score0.43813EPSS
Exploits7References9Affected Software1
ThreatPost
ThreatPost
added 2017/07/12 12:36 p.m.8 views

Uber Patches Authentication Bypass Vulnerability on Custom SSO Solution

Uber has addressed a vulnerability that allowed attackers to steal session tokens and hijack accounts. Researcher Arne Swinnen disclosed details Monday after confirming late last week that the issue had been resolved; he earned $5,000 in bounties from Uber. Swinnen said that if exploited at a lar...

Exploits0References1
NVD
NVD
added 2017/06/08 4:29 p.m.32 views

CVE-2014-8687

Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens...

10CVSS9.8AI score0.43813EPSS
Exploits7References6
CVE
CVE
added 2017/06/08 4:0 p.m.64 views

CVE-2014-8687

CVE-2014-8687 affects Seagate Business NAS devices with firmware older than 2015.00322. The vulnerability allows remote code execution with root privileges by exploiting a static encryption key used to create session tokens, enabling unauthenticated command execution via the CodeIgniter session c...

10CVSS9.7AI score0.43813EPSS
Exploits7References6Affected Software1
Cvelist
Cvelist
added 2017/06/08 4:0 p.m.34 views

CVE-2014-8687

Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens...

9.8AI score0.43813EPSS
Exploits7References6
OSV
OSV
added 2017/04/10 3:59 a.m.4 views

CVE-2016-5069

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL...

9.8CVSS5.8AI score0.01342EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/04/10 3:0 a.m.19 views

CVE-2016-5069

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL...

9.6AI score0.01342EPSS
Exploits1References1
CVE
CVE
added 2017/04/10 3:0 a.m.42 views

CVE-2016-5069

CVE-2016-5069 affects Sierra Wireless GX440 devices running ALEOS firmware 4.3.2, where session tokens are guessable and exposed in the URL. The vulnerability allows an attacker to potentially access the management web application, per NVD entry and CNVD-2017-16017, which notes a fixed session vu...

9.8CVSS9.4AI score0.01342EPSS
Exploits1References1Affected Software1
Veracode
Veracode
added 2017/03/31 3:17 a.m.9 views

Leakage Of Session Tokens

fh-wfm-user is vulnerable to leakage of session tokens. The vulnerability exists as the session tokens are stored in the client's LocalStorage instead of being stored in a cookie with the secure and HttpOnly flags...

6.4AI score
Exploits0
Rows per page
Query Builder