Arteco Web Client DVR/NVR - 'SessionId' Brute Force

Exploit Title: Arteco Web Client DVR/NVR - 'SessionId' Brute Force Date: 16.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.arteco-global.com !/usr/bin/env python3 Arteco Web Client DVR/NVR 'SessionId' Cookie Brute Force Session Hijacking Exploit Vendor: Arteco S.U.R.L. Product we...

Arteco Web Client DVR/NVR Session Hijacking Vulnerability

The session identifier used by Arteco Web Client DVR/NVR is of an insufficient length and can be brute forced, allowing a remote attacker to obtain a valid session, bypass authentication, and disclose the live camera stream. !/usr/bin/env python3 Arteco Web Client DVR/NVR 'SessionId' Cookie Brute...

CVE-2020-17046

creationtimestamp| type| source ---|---|--- 2020-11-11 12:35:19+00:00| seen| https://t.me/cibsecurity/16161...

www1.hutchcc.edu Cross Site Scripting vulnerability OBB-1439390

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Exploit for Expression Language Injection in Sonatype Nexus

PoC exploit for CVE-2020-10199, a remote code execution vulnerab...

Authentication Bypass

scheb/two-factor-bundle is vulnerable to authentication bypass. The 2-factor authentication can be bypassed by logging in with the REMEMBERME cookie and subsequently removing the SESSIONID key...

Security Bulletin: 10x vulnerability in IBM Control Center could allow an outside user to obtain the ID (CVE-2017-1152)

Summary IBM 10x vulnerability in IBM Control Center does not properly update the session id which could allow a user to obtain the ID in further attacks against the system. Vulnerability Details CVEID: CVE-2017-1152 DESCRIPTION: IBM Sterling Global Integration On-Demand Environment does not...

Huawei B315s-22 - Information Leak Vulnerability

Exploit for hardware platform in category web applications Product Family: LTE Model B315s – 22 Firmware version: 21.318.01.00.26 Author: Usman Saeed usman at xc0re.net 1. Unauthenticated access to sensitive files: It was observed that the web application running on the router, allows...

Directory Traversal

github.com/astaxie/beego is vulnerable to directory traversal. The library does not properly sanitize the sessionID field, allowing a malicious user to pass a string with the ./ characters through this field to traverse the directory and gain access to sensitive files...

D-Link DIR-615 Denial Of Service

Exploit Title: D-Link DIR-615 - Denial of Service PoC Date: 2018-08-09 Vendor Homepage: http://www.dlink.co.in Hardware Link: https://www.amazon.in/D-Link-DIR-615-Wireless-N300-Router-Black/dp/B0085IATT6 Version: D-Link DIR-615 Category: Hardware Exploit Author: Aniket Dinda Tested on: Linux kali...

CVE-2018-7773

The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter...

Sql injection

The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter...

CVE-2018-1532

IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430...

Cross site request forgery (csrf)

IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430...

CVE-2018-7314

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429...

Sql injection

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429...

Information Disclosure

uaa-identity is vulnerable to information disclosure. The SessionID is logged in the audit even logs. This allows attackers who can gain access to the logs to impersonate a logged-in user...

Code injection

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versio...

CVE-2018-1192

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versio...

CVE-2018-1192

The CVE-2018-1192 issue affects Cloud Foundry components: cf-release (< v285), cf-deployment (< v1.7), UAA (< 4.5.5 in 4.5.x; < 4.8.3 in 4.8.x; < 4.7.4 in 4.7.x), and UAA-release (< 45.7, < 52.7,