Lucene search
183 matches found

Positive Technologies
added 2025/06/23 12:00 a.m. · 4 views

PT-2025-26675 · Apache · Apache

Name of the Vulnerable Software and Affected Versions: Apache, affected versions not specified. Description: The issue allows an unauthenticated attacker to conduct brute-force guessing and account takeover due to predictable session cookies. This could potentially allow attackers to gain root,...

CVSS 5 · AI score 6.5 · EPSS 0.0043
Exploits 0 · References 5
RedhatCVE
added 2025/05/23 10:44 a.m. · 12 views

CVE-2024-47945

The devices are vulnerable to session hijacking due to insufficient entropy in their session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions...

CVSS 9.8 · AI score 6.9 · EPSS 0.00856
Exploits 1
RedhatCVE
added 2025/05/22 12:13 p.m. · 6 views

CVE-2012-6571

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a...

CVSS 7.5 · AI score 6.9 · EPSS 0.00944
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 3:50 a.m. · 7 views

CVE-2010-4304

The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) uses...

CVSS 6.4 · AI score 7 · EPSS 0.01196
Exploits 0 · References 1
OSV
added 2025/05/03 4:15 p.m. · 8 views

CVE-2024-58134

Mojolicious versions from 0.999922 for Perl use a hard-coded string, or the application's class name, as the HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute...

CVSS 8.1 · AI score 6.3
Exploits 0 · References 11
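
The forgery the Mojolicious listing describes, shown as an added illustration that is not Mojolicious's code or its real cookie layout: a constructed HMAC-signed cookie format, a default secret equal to the application's class name, and an attacker who confirms the secret against a cookie issued to their own account and then signs an administrator session. The cookie layout, the class name `MyApp`, the candidate secrets and the `default_secret` derivation are all assumptions of the model; the contrast with a random per-deployment secret is the hardening point.

```python
"""Forging a signed session cookie when the HMAC secret is a predictable default.

Constructed model for illustration; not Mojolicious's code or cookie layout.
Cookie = base64url(JSON session) + "--" + hex(HMAC-SHA256(secret, payload)).
"""
import base64
import hashlib
import hmac
import json
import secrets


def _mac(secret: str, payload: bytes) -> str:
    return hmac.new(secret.encode(), payload, hashlib.sha256).hexdigest()


def sign_cookie(session: dict, secret: str) -> str:
    """Server side: serialise the session and append its HMAC tag."""
    payload = base64.urlsafe_b64encode(
        json.dumps(session, sort_keys=True).encode()).decode()
    return f"{payload}--{_mac(secret, payload.encode())}"


def verify_cookie(cookie: str, secret: str):
    """Server side: return the session dict if the tag verifies, else None.
    The comparison is constant-time; the weakness modelled here is the
    guessability of the secret, not the comparison."""
    try:
        payload, tag = cookie.rsplit("--", 1)
    except ValueError:
        return None
    if not hmac.compare_digest(tag, _mac(secret, payload.encode())):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))


def default_secret(app_class_name: str) -> str:
    """Weak (assumed derivation): a deterministic default that anyone who
    knows the framework and the application's class name can reproduce."""
    return app_class_name


def random_secret() -> str:
    """Hardened: 256 bits from the OS CSPRNG, generated once per deployment."""
    return secrets.token_hex(32)


def forge(own_cookie: str, candidate_secrets, wanted_session: dict):
    """Attacker side. With a cookie legitimately issued to the attacker's own
    account, try each candidate default secret; the first one that verifies
    is the server's secret, which then signs any session the attacker wants.
    Returns (secret, forged_cookie) or None if no candidate matches."""
    for guess in candidate_secrets:
        if verify_cookie(own_cookie, guess) is not None:
            return guess, sign_cookie(wanted_session, guess)
    return None


if __name__ == "__main__":
    candidates = ["Mojolicious", "MyApp", "MyApp::Web"]    # constructed guesses
    # Weak deployment: the secret is the application's class name.
    weak = default_secret("MyApp")
    mine = sign_cookie({"user": "mallory", "role": "user"}, weak)
    hit = forge(mine, candidates, {"user": "admin", "role": "admin"})
    print("weak deployment accepts:", hit and verify_cookie(hit[1], weak))
    # Hardened deployment: random secret, none of the guesses verify.
    strong = random_secret()
    mine = sign_cookie({"user": "mallory", "role": "user"}, strong)
    print("hardened deployment:", forge(mine, candidates, {"user": "admin"}))
```

The attacker needs nothing but a cookie for any account they control; the check against their own cookie is an oracle for the secret, after which every session on that server can be minted offline.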
NVD
added 2024/10/15 10:15 a.m. · 17 views

CVE-2024-47945

The devices are vulnerable to session hijacking due to insufficient entropy in their session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions...

CVSS 9.8 · EPSS 0.00856
Exploits 1 · References 3
CVE
added 2024/10/15 10:05 a.m. · 50 views

CVE-2024-47945

The vulnerability CVE-2024-47945 affects the Rittal IoT Interface & CMC III Processing Unit (prior to version 6.21.00.2). Root cause: insufficient entropy in the session ID generation, with session IDs being predictable (only 32,768 per user) due to use of insecure rand() and missing srand(), so ...

CVSS 9.8 · AI score 9.3 · EPSS 0.00856
Exploits 1 · References 3 · Affected Software 1
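
Why a 32,768-value space produced by an unseeded rand() is hijackable, as an added illustration that is not the Rittal firmware or any other listed product's code: the block re-implements in Python the C standard's portable example rand() (a 32-bit LCG that returns 15 bits, which is exactly 32,768 distinct outputs, and which starts from seed 1 whenever srand() is never called), lets an attacker pre-generate the server's issue sequence, and contrasts that with an OS-CSPRNG token. The 32-bit state width and the assumption that one rand() output becomes the whole session ID are modelling choices, not facts from the advisory.

```python
"""Why a 32,768-value session-ID space is hijackable.

Constructed model, not any listed product's firmware: session IDs come from the
C standard's portable example rand() (a 32-bit LCG returning 15 bits), and
srand() is never called, so the generator starts from seed 1 on every boot.
"""
import secrets

RAND_MAX = 32767            # reference rand() returns 0..RAND_MAX
SPACE = RAND_MAX + 1        # 32,768 possible session IDs in total
WORD = 0xFFFFFFFF           # assumption: a 32-bit unsigned long holds the state


class ReferenceRand:
    """The C standard's example rand(); seed 1 is what you get without srand()."""

    def __init__(self, seed=1):
        self.state = seed

    def rand(self):
        self.state = (self.state * 1103515245 + 12345) & WORD
        return (self.state // 65536) % SPACE


def weak_session_id(gen):
    """Vulnerable pattern (assumed): one rand() output is the whole session ID."""
    return f"{gen.rand():05d}"


def strong_session_id():
    """Hardened pattern: 128 bits from the OS CSPRNG, cookie-safe encoding."""
    return secrets.token_urlsafe(16)


def attacker_candidates(limit=SPACE):
    """Pre-generate the server's IDs in issue order. Because the server always
    starts from seed 1, the attacker's copy emits the identical sequence."""
    gen = ReferenceRand(seed=1)
    return [weak_session_id(gen) for _ in range(limit)]


def guesses_to_hijack(valid_ids, candidates):
    """Ordered guesses until any live session ID is hit (None if never)."""
    live = set(valid_ids)
    for n, candidate in enumerate(candidates, start=1):
        if candidate in live:
            return n
    return None


def expected_blind_guesses(space, active_sessions):
    """Expected guesses for an attacker who knows only the space size and
    tries values uniformly without replacement: (N + 1) / (k + 1)."""
    return (space + 1) / (active_sessions + 1)


if __name__ == "__main__":
    server = ReferenceRand()                                # fresh boot, no srand()
    victims = [weak_session_id(server) for _ in range(3)]   # three logged-in users
    print("issued on every boot:", victims)                 # begins 16838, 05758, ...
    print("ordered guesses to hijack:",
          guesses_to_hijack(victims, attacker_candidates()))
    print("blind guesses, 3 users, 32,768 IDs:", expected_blind_guesses(SPACE, 3))
    print("blind guesses, 3 users, 128-bit IDs:", expected_blind_guesses(2 ** 128, 3))
    print("hardened ID:", strong_session_id())
```

Two failure modes compound here: the output space is small enough to sweep with a few thousand requests even without knowing the generator, and the missing seed makes the sequence identical on every boot, so an attacker who knows the algorithm needs only a handful of guesses. A 128-bit CSPRNG token removes both.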
Vulnrichment
added 2024/10/15 10:05 a.m. · 13 views

CVE-2024-47945 Predictable Session ID

The devices are vulnerable to session hijacking due to insufficient entropy in their session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions...

AI score 6.9 · EPSS 0.00856
Exploits 1 · References 2
Packet Storm
added 2024/08/31 12:00 a.m. · 145 views

Novell EDirectory DHOST Predictable Session Cookie

This module requires Metasploit: https://metasploit.com/download · Current source: https://github.com/rapid7/metasploit-framework · class MetasploitModule ... 'Novell eDirectory DHOST Predictable Session Cookie', 'Description' => %q{This module is able to predict the next session cookie value issued by th...

CVSS 7.5 · AI score 7 · EPSS 0.49583
Exploits 3
Positive Technologies
added 2024/04/30 12:00 a.m. · 6 views

PT-2024-25703 · Ipmi · Ipmi

Name of the Vulnerable Software and Affected Versions: IPMI, affected versions not specified. Description: The issue concerns implementations of IPMI authenticated sessions that do not provide enough randomness, making them susceptible to session hijacking. An attacker can exploit this by using...

CVSS 9.1 · AI score 7 · EPSS 0.00718
Exploits 0 · References 7
Tenable Nessus
added 2023/08/02 12:00 a.m. · 13 views

Moxa IKS, EDS Improper Restriction of Excessive Authentication Attempts (CVE-2019-6524)

Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 9.8 · AI score 8.4 · EPSS 0.0271
Exploits 0 · References 2
Tenable Nessus
added 2023/08/02 12:00 a.m. · 26 views

Moxa IKS, EDS Buffer Copy Without Checking Size of Input (CVE-2019-6557)

Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; ...

CVSS 9.8 · AI score 9.1 · EPSS 0.04971
Exploits 0 · References 2
Tenable Nessus
added 2023/08/02 12:00 a.m. · 23 views

Moxa IKS, EDS Out-of-Bounds Read (CVE-2019-6522)

Moxa IKS and EDS fail to properly check array bounds, which may allow an attacker to read device memory at arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause a device reboot. This plugin only works with Tenable.ot. Please visit...

CVSS 9.1 · AI score 8.4 · EPSS 0.02518
Exploits 0 · References 2
Tenable Nessus
added 2023/08/02 12:00 a.m. · 23 views

Moxa IKS, EDS Uncontrolled Resource Consumption (CVE-2019-6559)

Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...

CVSS 6.5 · AI score 6.5 · EPSS 0.02448
Exploits 0 · References 2
Exploit DB
added 2023/04/06 12:00 a.m. · 247 views

Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack

Exploit Title: Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack · Exploit Author: LiquidWorm · Vendor: ProPump and Controls, Inc. · Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com · Affected version: Software Build ID 20211018, Production...

AI score 7.4
Exploits 0
Cvelist
added 2023/03/28 7:59 p.m. · 41 views

CVE-2023-28395

Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product...

CVSS 8.3 · AI score 8.6 · EPSS 0.00649
Exploits 1 · References 1
OSV
added 2022/09/16 3:15 p.m. · 9 views

CVE-2021-42949

The controllalogin function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via brute-force attacks...

CVSS 9.8 · AI score 6.9 · EPSS 0.05451
Exploits 0 · References 3
NVD
added 2022/09/16 3:15 p.m. · 18 views

CVE-2021-42949

The controllalogin function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via brute-force attacks...

CVSS 9.8 · EPSS 0.05451
Exploits 0 · References 3
Prion
added 2022/09/16 3:15 p.m. · 12 views

Authentication flaw

The controllalogin function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via brute-force attacks...

CVSS 7.5 · AI score 9.5 · EPSS 0.05451
Exploits 0 · References 3 · Affected Software 1
OSV
added 2022/09/16 3:15 p.m. · 1 view

UBUNTU-CVE-2021-42949

The controllalogin function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via brute-force attacks...

CVSS 9.8 · AI score 7.3 · EPSS 0.05451
Exploits 0 · References 2