Lucene search
K

69 matches found

NVD
NVD
added 2015/03/10 2:59 p.m.27 views

CVE-2015-0201

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors...

5CVSS6.6AI score0.019EPSS
Exploits0References1
Prion
Prion
added 2015/03/10 2:59 p.m.16 views

Design/Logic Flaw

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors...

5CVSS7.2AI score0.019EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2015/03/10 2:0 p.m.33 views

CVE-2015-0201

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors...

6.6AI score0.019EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2015/03/10 2:0 p.m.52 views

CVE-2015-0201

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors...

5CVSS6.7AI score0.019EPSS
Exploits0
NVD
NVD
added 2014/12/10 12:59 a.m.17 views

CVE-2014-8496

Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack...

10CVSS6.9AI score0.02397EPSS
Exploits1References1
Prion
Prion
added 2014/12/10 12:59 a.m.12 views

Session fixation

Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack...

10CVSS7.3AI score0.02397EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/08/01 12:0 a.m.25 views

Tridium Niagara AX Web Server < 3.5.40.3 / 3.6 < 3.6.47.3 Multiple Vulnerabilities

Binary data 8348.prm...

7.8CVSS6.8AI score0.02542EPSS
Exploits0References6
CERT
CERT
added 2013/06/26 12:0 a.m.134 views

Digital Alert Systems DASDEC and Monroe Electronics R189 One-Net firmware exposes private root SSH key

Overview Digital Alert Systems DASDEC and Monroe Electronics One-Net E189 Emergency Alert System EAS devices exposed a shared private root SSH key in publicly available firmware images. An attacker with SSH access to a device could use the key to log in with root privileges. Description The Digit...

10CVSS9.6AI score0.13446EPSS
Exploits0References25
NVD
NVD
added 2011/02/08 10:0 p.m.14 views

CVE-2011-0887

The web management portal on the SMC SMCD3G-CCR aka Comcast Business Gateway with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie...

4.3CVSS6.6AI score0.04668EPSS
Exploits6References8
Prion
Prion
added 2011/02/08 10:0 p.m.16 views

Design/Logic Flaw

The web management portal on the SMC SMCD3G-CCR aka Comcast Business Gateway with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie...

4.3CVSS7.2AI score0.04668EPSS
Exploits6References8Affected Software1
Cvelist
Cvelist
added 2011/02/08 9:0 p.m.26 views

CVE-2011-0887

The web management portal on the SMC SMCD3G-CCR aka Comcast Business Gateway with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie...

6.6AI score0.04668EPSS
Exploits6References8
CVE
CVE
added 2011/02/08 9:0 p.m.49 views

CVE-2011-0887

The CVE-2011-0887 entry refers to the Comcast DOCSIS 3.0 Business Gateway (SMCD3G-CCR) web management portal. Affected firmware prior to 1.4.0.49.2 uses a predictable session ID (“userid” cookie) derived from epoch time, enabling brute-forcing to hijack active sessions. Trustwave’s SpiderLabs adv...

4.3CVSS6.7AI score0.04668EPSS
Exploits6References8Affected Software2
NVD
NVD
added 2010/11/22 8:0 p.m.23 views

CVE-2010-4304

The web interface in Cisco Unified Videoconferencing UVC System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface PRI Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces BRI Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit MCU uses...

6.4CVSS6.6AI score0.01196EPSS
Exploits0References3
Prion
Prion
added 2010/11/22 8:0 p.m.17 views

Command injection

The web interface in Cisco Unified Videoconferencing UVC System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface PRI Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces BRI Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit MCU uses...

6.4CVSS7.1AI score0.01196EPSS
Exploits0References3Affected Software7
Cvelist
Cvelist
added 2010/11/22 7:0 p.m.28 views

CVE-2010-4304

The web interface in Cisco Unified Videoconferencing UVC System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface PRI Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces BRI Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit MCU uses...

6.6AI score0.01196EPSS
Exploits0References3
CVE
CVE
added 2010/11/22 7:0 p.m.53 views

CVE-2010-4304

The CVE affects Cisco Unified Videoconferencing (UVC) System components: 3545, 5110, 5115, 5230; 3527 PRI Gateway; 3522 BRI Gateway; and 3515 MCU. Root cause is predictable session IDs based on time values, enabling remote attackers to hijack sessions through brute-force. No exploit details are p...

6.4CVSS6.8AI score0.01196EPSS
Exploits0References3Affected Software4
NVD
NVD
added 2009/07/08 3:30 p.m.18 views

CVE-2009-2367

cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the sessionid parameter...

9.8CVSS9.5AI score0.23195EPSS
Exploits3References4
Prion
Prion
added 2009/07/08 3:30 p.m.18 views

Design/Logic Flaw

cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the sessionid parameter...

7.5CVSS7.5AI score0.23195EPSS
Exploits3References4
Cvelist
Cvelist
added 2009/07/08 3:0 p.m.23 views

CVE-2009-2367

cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the sessionid parameter...

9.6AI score0.23195EPSS
Exploits3References4
CVE
CVE
added 2009/07/08 3:0 p.m.71 views

CVE-2009-2367

The CVE-2009-2367 entry concerns the Iomega StorCenter Pro NAS web interface (cgi-bin/makecgi-pro) generating predictable session IDs. The Connected documents confirm exploitability via brute-force guessing of the session_id parameter to hijack active sessions and gain administrative access. A Me...

9.8CVSS9.4AI score0.23195EPSS
Exploits3References4Affected Software1
Rows per page
Query Builder