111 matches found
CVE-2016-8712
An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds...
CVE-2016-0883
Pivotal Cloud Foundry PCF Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation...
CVE-2016-0883
CVE-2016-0883 affects Pivotal Cloud Foundry Ops Manager prior to 1.5.14 and 1.6.x prior to 1.6.9. The issue is that the same cookie-encryption key was used across different customers’ installations, enabling remote attackers to bypass session authentication by leveraging knowledge of the key from...
Advantech WebAccess Remote Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication requirements on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChkCookieNoRedir function. By providing arbitrary values to certai...
CVE-2014-1673
Check Point Session Authentication Agent allows remote attackers to obtain sensitive information (user credentials) via unspecified vectors...
CVE-2014-1673
Technical details (affected product/version, exploit vectors, root cause) are not provided in the connected documents. No public specifics available; monitor for updates.
Check Point response to Session Authentication Agent vulnerability
...
Quick Paypal Payments 3.0 - Persistent XSS (0day)
Exploit for php platform in category web applications. Title: Quick Paypal Payments - Persistent Cross Site Scripting Vulnerability. Author: Zy0d0x. Blog: https://zy0d0x.com. Date: 10/08/2013. Vendor: Quick Plugins - http://quick-plugins.com/. Affected product: ...
WordPress Dexs PM System Cross Site Scripting
-alert'xss'; --- SNIP --- If the message has been sent successfully, an alert dialog will appear containing xss when a user checks their...
CVE-2012-5886
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to...
Potential Buffer Overflow During HTTP Session Authentication
...
Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability
The host is running SMB/NETBIOS and is prone to an authentication bypass vulnerability. OpenVAS Vulnerability Test $Id: gbmswindowssmbsharepasswdnullsecbypassvuln.nasl 7550 2017-10-24 12:17:52Z cfischer $. Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability. Authors: Antu Sanadi...
luocms 2.0 add administrator vulnerability...attached to the POST EXP-vulnerability warning-the black bar safety net
LUOCMS is an article management system based on PHP+MYSQL: easy to use, full DIV+CSS architecture, whole-site HTML, good internal structure, and well suited to website optimization and promotion. This author's idea is that the user can directly see the files on the session authenticati...
High Bay articles system is the latest version 0Day analysis-vulnerability warning-the black bar safety net
Browsing around online out of boredom, I unexpectedly found a website that had a Trojan planted on it. A closer look at the site gave me a big scare: the website with the planted Trojan turned out to be the High-Bay articles system website, www.gaobei.com. Even the official site has a Trojan planted on it, don't have the...
phpaa cms 0day and fix-vulnerability warning-the black bar safety net
Author: BlAck.Eagle. Cookie spoofing vulnerability. File: /admin/global.php. <?php /* Background public profile. Initializes the background application, verifies background permissions, etc. */ require_once '../data/config.inc.php'; //system initialization file require_once...
lply(v2. 0)vulnerability analysis-vulnerability warning-the black bar safety net
Article author: wwqwwq. After downloading the code and looking through it, the code style is very rigorous, with a somewhat object-oriented flavor. First look at the database directory: open the databases directory, the database format is asa, this is the back to insert the phrase Trojan horse is buri...
ESCMS vulnerability website system 0day-vulnerability warning-the black bar safety net
Version: ESCMS V1.0 SP1 Build 1125. Background login authentication is implemented in admin/check.asp. Look at the code: <% if Request.Cookies(CookiesKey)("ESadmin")="" then 'Note that here it validates by COOKIE, checking whether ESadmin is empty; we can forge a value so that it is not empty 'CookiesKey i...
Cross-site attack to achieve Http session hijacking techniques-vulnerability warning-the black bar safety net
A Web application identifies and keeps track of different users in 2 ways: a Cookie or a Session (also called a session Cookie). The Cookie is stored on the local computer and its expiration time is very long, so attacks on the Cookie generally steal the user's Cookies and then...