9 matches found

NVD
added 2021/09/13 8:15 a.m., 10 views

CVE-2021-40867

Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in e.g., behind the same NAT device, or already in possession of a foothold on an admin'...

7.8 CVSS, 0.00162 EPSS
Exploits: 1, References: 2

Prion
added 2021/09/13 8:15 a.m., 16 views

Race condition

Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in e.g., behind the same NAT device, or already in possession of a foothold on an admin'...

5.4 CVSS, 7 AI score, 0.00162 EPSS
Exploits: 1, References: 2, Affected Software: 20

Prion
added 2020/11/24 7:15 p.m., 13 views

Authentication flaw

Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Versions: 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET...

7.5 CVSS, 9.3 AI score, 0.01449 EPSS
Exploits: 2, References: 2, Affected Software: 1

Cvelist
added 2020/11/24 6:3 p.m., 11 views

CVE-2020-28333

Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Versions: 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET...

9.4 AI score, 0.01449 EPSS
Exploits: 2, References: 2

CVE
added 2020/11/24 6:3 p.m., 95 views

CVE-2020-28333

Barco wePresent WiPG-1600W (firmware 2.5.1.8 affected) is vulnerable to an authentication bypass due to the SEID token being passed in URLs (no session cookies tracked for authenticated sessions). An attacker who captures the SEID and can originate requests from the same IP (e.g., via NAT or a pr...

9.8 CVSS, 9.2 AI score, 0.01449 EPSS
Exploits: 2, References: 2, Affected Software: 1

0day.today
added 2020/11/21 12:0 a.m., 22 views

Barco wePresent WiPG-1600W Authentication Bypass Vulnerability

The Barco wePresent WiPG-1600W version 2.5.1.8 web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests. Thus the "SEID" would be exposed in web proxy logs and browser history...

9.8 CVSS, 9.4 AI score, 0.01449 EPSS
Exploits: 2

OSV
added 2017/11/17 2:29 p.m., 2 views

CVE-2017-4934

VMware Workstation 12.x before 12.5.8 and Fusion 8.x before 8.5.9 contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host...

8.8 CVSS, 6 AI score
Exploits: 0, References: 3

Tenable Nessus
added 2008/07/10 12:0 a.m., 56 views

Debian DSA-1603-1 : bind9 - DNS cache poisoning

Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. This update changes Debian's BIND 9 packages to implement the recommended...

6.8 CVSS, 6.6 AI score, 0.87662 EPSS
Exploits: 20, References: 4

OSV
added 2008/07/08 12:0 a.m., 48 views

DSA-1603-1 bind9 - cache poisoning

Bulletin has no description...

6.8 CVSS, 6.9 AI score, 0.87662 EPSS
Exploits: 20