897 matches found
Design/Logic Flaw
Highly predictable session tokens in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt allow gaining administrative router access...
CVE-2017-15654
Highly predictable session tokens in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt allow gaining administrative router access...
CVE-2017-15654
Highly predictable session tokens in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt allow gaining administrative router access...
CVE-2017-15654
CVE-2017-15654 affects AsusWRT's HTTPd in Asus routers (versions up to 3.0.0.4.380.7743). The vulnerability stems from highly predictable session tokens generated by reseeding the RNG with time(), enabling an attacker to infer or guess a valid administrator session and gain router admin access. C...
Hewlett Packard Enterprise Intelligent Management Center operatorOnlineList_contentOnly Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...
Multiple vulnerabilities in all versions of ASUS routers
1 ASUSWRT 3.0.0.4.376 - multiple vulnerabilities in httpd server all versions of AsusWRT at the time of report to vendor, for previous 376 version see next section 1. Highly predictable session tokens The session token is generated for an authenticated user using stdlib rand function. The token...
CVE-2017-5263
Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones...
CVE-2017-5263
Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones...
CVE-2017-5263
Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones...
Cross-site Request Forgery (CSRF)
TeamPass is vulnerable to cross-site request forgery CSRF attacks. The library does not generate session tokens for users, meaning a user can pass a malicious request as another user...
Moxa AWK-3131A Web Application Multiple Reflected Cross-Site Scripting Vulnerabilities(CVE-2016-8719)
Summary An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim. Tested Versions...
The vulnerability of the built-in software in Business NAS allows a perpetrator to execute arbitrary code.
The vulnerability of the built-in software in Business NAS arises from the use of cryptographic algorithms that contain defects or risks. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands with root privileges, using a static encryption key t...
Uber Patches Authentication Bypass Vulnerability on Custom SSO Solution
Uber has addressed a vulnerability that allowed attackers to steal session tokens and hijack accounts. Researcher Arne Swinnen disclosed details Monday after confirming late last week that the issue had been resolved; he earned $5,000 in bounties from Uber. Swinnen said that if exploited at a lar...
CVE-2014-8687
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens...
CVE-2014-8687
CVE-2014-8687 affects Seagate Business NAS devices with firmware older than 2015.00322. The vulnerability allows remote code execution with root privileges by exploiting a static encryption key used to create session tokens, enabling unauthenticated command execution via the CodeIgniter session c...
CVE-2014-8687
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens...
CVE-2016-5069
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL...
CVE-2016-5069
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL...
CVE-2016-5069
CVE-2016-5069 affects Sierra Wireless GX440 devices running ALEOS firmware 4.3.2, where session tokens are guessable and exposed in the URL. The vulnerability allows an attacker to potentially access the management web application, per NVD entry and CNVD-2017-16017, which notes a fixed session vu...
Leakage Of Session Tokens
fh-wfm-user is vulnerable to leakage of session tokens. The vulnerability exists as the session tokens are stored in the client's LocalStorage instead of being stored in a cookie with the secure and HttpOnly flags...