34 matches found
PYSEC-2023-189
Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session...
tss-lib security vulnerability
tss-lib is an open-source IO FinNet implementation of multi-party (t,n)-threshold ECDSA (Elliptic Curve Digital Signature Algorithm), based on Gennaro and Goldfeder 2020 [1], and EdDSA (Edwards-curve Digital Signature Algorithm). A security vulnerability exists in IO FinNet tss-lib versions prior to...
CVE-2022-24188
The /device/signin endpoint of the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture-frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear text. The lack of session management and the presence of insecure direct...
aEnrich eHRD Learning Management Key Performance Indicator System security vulnerability
The aEnrich eHRD Learning Management Key Performance Indicator System 5+ is a web-based Learning Management System (LMS) from aEnrich Corporation in China. A security vulnerability exists in the aEnrich eHRD Learning Management Key Performance Indicator System version 5.x. The vulnerability stems...
CVE-2022-40622
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged-in administrator,...
CVE-2021-28844
A Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03; it is triggered by sending a POST request to applycgi with a dographauth action but without a sessionid key...
CVE-2020-13416
An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross-Site Request Forgery (CSRF) vulnerability for password resets...
CVE-2019-18418
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change-password requests because there is no session management...
A vulnerability in the Jenkins automation server, related to the absence of a web session identifier, allows attackers to perform cross-site request forgery attacks and gain unauthorized access to protected information.
The vulnerability in the Jenkins automation server relates to the absence of a web session identifier. Exploiting it allows a malicious actor to perform cross-site request forgery and gain unauthorized access to protected information...
A vulnerability in the Vesta Control Panel lies in the lack of a check for the presence of a user session. This allows attackers to perform various manipulations on files and directories located on the server.
The vulnerability in the Vesta Control Panel lies in the lack of a check for the presence of a user session in the file web/file-manager/files.php, which implements the control panel's file manager. Exploiting this vulnerability allows an attacker to...
A vulnerability in the ZyXEL PMG5318-B20A router allows an attacker to circumvent existing access restrictions.
The vulnerability in the ZyXEL PMG5318-B20A router exists because the session is not terminated after logging out. Exploiting this vulnerability allows a malicious actor to circumvent existing access restrictions by using the workstation...
OpenFiler 2.99.1 - CSRF Vulnerability
Exploit for the PHP platform, in category web applications / DoS, published on 0day.today 2018-03-28...
OpenFiler 2.99.1 - Cross-Site Request Forgery
OpenFiler 2.99.1 - Cross-Site Request Forgery DoS...
Tomcat/JBoss Web - Bypass of CSRF prevention filter
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier...
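Most of the entries above share one logic error: a check that should require an active session is skipped, rather than failed, when no session is present (the Tomcat filter bypassed by a request without a session identifier, the Vesta file manager with no session check, the asyncua services that need an active session, the TRENDnet handler crashing on a missing sessionid). The Python model below is an added illustration of that pattern and is not the code of Tomcat's CsrfPreventionFilter or of any product listed here; the names `Session`, `Request`, `ENTRY_POINTS`, `csrf_nonce` and the sample requests are invented for the example. It places a fail-open nonce filter beside a fail-closed one and runs the same three requests through both.

```python
"""Fail-open vs fail-closed session-bound CSRF nonce check (added illustration;
not Tomcat's filter or any listed product's code)."""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Hypothetical parameter name carrying the per-session nonce (an assumption).
NONCE_PARAM = "csrf_nonce"
# Paths a client may reach without a nonce (e.g. the login form), as an assumption.
ENTRY_POINTS = {"/login"}


@dataclass
class Session:
    """Server-side session; nonces issued for this session only."""
    nonces: Set[str] = field(default_factory=set)


@dataclass
class Request:
    path: str
    params: Dict[str, str]
    session: Optional[Session]  # None when the request carried no session identifier


def issue_nonce(session: Session) -> str:
    """Mint a fresh nonce bound to the session (e.g. embedded in a form)."""
    nonce = secrets.token_hex(16)
    session.nonces.add(nonce)
    return nonce


def csrf_check_fail_open(req: Request) -> bool:
    """Vulnerable shape: the deny branch is guarded by 'is there a nonce cache?'.
    A request with no session has no cache, so the branch never runs and the
    request is allowed through. This is the bug class in the Tomcat entry above."""
    if req.path in ENTRY_POINTS:
        return True
    nonce_cache = req.session.nonces if req.session is not None else None
    presented = req.params.get(NONCE_PARAM)
    if nonce_cache is not None and presented not in nonce_cache:
        return False  # bad nonce -> deny
    return True  # BUG: nonce_cache is None (no session) also lands here


def csrf_check_fail_closed(req: Request) -> bool:
    """Hardened shape: no session, no nonce, or a nonce not issued for this
    session are all denied. Only declared entry points skip the check."""
    if req.path in ENTRY_POINTS:
        return True
    if req.session is None:
        return False
    presented = req.params.get(NONCE_PARAM)
    if presented is None or presented not in req.session.nonces:
        return False
    return True


def demo() -> Dict[str, Tuple[bool, bool]]:
    """Run constructed sample requests through both checks.
    Each value is (fail_open_allowed, fail_closed_allowed)."""
    sess = Session()
    nonce = issue_nonce(sess)
    # Legitimate form post: session present, nonce issued for it.
    legit = Request("/admin/changePassword", {NONCE_PARAM: nonce, "new": "hunter2"}, sess)
    # Cross-site post reaching the filter with no session identifier at all.
    forged = Request("/admin/changePassword", {"new": "pwned"}, None)
    # Session present but the nonce parameter was omitted.
    no_nonce = Request("/admin/changePassword", {"new": "hunter2"}, sess)
    return {
        "legit": (csrf_check_fail_open(legit), csrf_check_fail_closed(legit)),
        "forged_no_session": (csrf_check_fail_open(forged), csrf_check_fail_closed(forged)),
        "session_no_nonce": (csrf_check_fail_open(no_nonce), csrf_check_fail_closed(no_nonce)),
    }


if __name__ == "__main__":
    for name, (open_ok, closed_ok) in demo().items():
        print(f"{name:20s} fail-open allowed={open_ok}  fail-closed allowed={closed_ok}")
```

The interesting row is the forged request with no session: the fail-open check admits it, the fail-closed one rejects it. Whether that bypass is exploitable depends on what the downstream handler trusts; a request can arrive without a servlet session yet still be authenticated by something the browser attaches automatically (HTTP Basic credentials, a client certificate, an application-level cookie the filter does not look at), which is why the check must deny on a missing session rather than assume "no session means nothing to protect".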