10 matches found

Cvelist
added 2025/09/12 5:10 a.m. | 5 views

CVE-2025-10148 predictable WebSocket mask

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

0.00219 EPSS
Exploits 0 | References 3

Cvelist
added 2024/07/09 10:58 a.m. | 11 views

CVE-2024-5634

Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a specific pattern. Once the pattern is known, brute-forcing the password becomes relatively easy. Additionally, every camera with the same firmware version shares the same...

8.6 CVSS | 0.00092 EPSS
Exploits 0 | References 3

Exploit DB
added 2023/04/06 12:0 a.m. | 245 views

Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack

Exploit Title: Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production...

7.4 AI score
Exploits 0

0day.today
added 2023/02/28 12:0 a.m. | 344 views

Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijacking Vulnerabilities

Osprey Pump Controller version 1.0.1 has an ELF binary called MirageCreateSessionCode.x that contains a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass attacks. Further, session hijacking is possible due to MitM attack exploitin...

7.2 AI score
Exploits 0

Zero Science Lab
added 2023/02/27 12:0 a.m. | 321 views

Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijack

Summary Providing pumping systems and automated controls for golf courses and turf irrigation, municipal water and sewer, biogas, agricultural, and industrial markets. Osprey: door-mounted, irrigation and landscape pump controller. Technology hasn't changed dramatically on pump and electric motor...

8.3 CVSS | 7 AI score | 0.00278 EPSS
Exploits 1

CNVD
added 2021/05/26 12:0 a.m. | 15 views

Acronis True Image Denial of Service Vulnerability

Acronis True Image is a well-known data backup and restore software from Singapore-based Acronis. Acronis True Image 2020 version 24.5.22510 contains a denial of service vulnerability that stems from the program's logs being generated in a predictable pattern, allowing a non-privileged user to...

5.5 CVSS | 2.9 AI score | 0.00037 EPSS
Exploits 1 | References 1

Prion
added 2021/05/25 12:15 p.m. | 12 views

Design/Logic Flaw

An issue was discovered in Acronis True Image 2020 24.5.22510. antiransomwareservice.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged user to create a hardlink from a not yet created log file to...

2.1 CVSS | 5.4 AI score | 0.00037 EPSS
Exploits 1 | References 3 | Affected Software 1

0day.today
added 2020/01/11 12:0 a.m. | 166 views

ASTPP 4.0.1 VoIP Billing - Database Backup Download Vulnerability

Exploit for linux platform in category web applications Exploit Title: ASTPP 4.0.1 VoIP Billing - Database Backup Download Exploit Author: Fabien AUNAY Vendor Homepage: https://www.astppbilling.org/ Software Link: https://github.com/iNextrix/ASTPP/tree/v4.0.1 Version: 4.0.1 vendor default setup...

Exploits 0

Exploit DB
added 2020/01/10 12:0 a.m. | 184 views

ASTPP 4.0.1 VoIP Billing - Database Backup Download

Exploit Title: ASTPP 4.0.1 VoIP Billing - Database Backup Download Date: 2019-11-18 Exploit Author: Fabien AUNAY Vendor Homepage: https://www.astppbilling.org/ Software Link: https://github.com/iNextrix/ASTPP/tree/v4.0.1 Version: 4.0.1 vendor default setup script Tested on: Debian 9 - CentOS 7 CV...

7.4 AI score
Exploits 0

AlpineLinux
added 2019/07/23 1:16 p.m. | 72 views

CVE-2019-11730

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...

6.5 CVSS | 7.3 AI score | 0.18406 EPSS
Exploits 2