5 matches found
CVE-2025-67446
An improper authentication (authentication bypass) vulnerability exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie value (e.g., setting it to "admin"), an attacker can bypass the authentication schema and gain...
CVE-2018-25318 Tenda FH303/A300 V5.07.68_EN Cookie Session Weakness DNS Change
Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin cookie to change DNS...
A vulnerability in the Safari browser and the iOS operating system allows attackers to gain access to protected information.
A vulnerability in the Content Security Policy implementation in the WebKit component of the Safari browser and the iOS operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a remote malicious actor to gain access to protected...
Citrix NetScaler Web Management Cookie Weakness
Citrix NetScaler Web Management Cookie Weakness Product: Citrix NetScaler http://www.citrix.com/lang/English/ps2/index.asp Background: For most web application logins a user fills out an HTTP form, which sets up the user with a session cookie. The cookie content is merely a session ID, which allo...
Mandrake Linux Security Advisory : kdebase (MDKSA-2003:091)
A vulnerability was discovered in all versions of KDE 2.2.0 up to and including 3.1.3. KDM does not check for successful completion of the pam_setcred call and in the case of error conditions in the installed PAM modules, KDM may grant local root access to any user with valid login credentials. It...