
Prion
added 2022/01/28 8:15 p.m. · 13 views

Design/Logic Flaw

Piwigo is image gallery software written in PHP. When a criterion is not met on a host, Piwigo defaults to using mt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This allows an unauthenticated attacker to take over an...

CVSS 6.8 · AI score 7.2 · EPSS 0.01363
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2022/01/28 12:00 a.m. · 2 views

PT-2022-7862 · Piwigo · Piwigo

Name of the Vulnerable Software and Affected Versions: Piwigo, affected versions not specified. Description: The issue affects Piwigo, an image gallery software written in PHP. When certain criteria are not met on a host, Piwigo defaults to using mt_rand to generate password reset tokens. The outpu...

CVSS 8.1 · AI score 8 · EPSS 0.01363
Exploits 0 · References 7
Tenable Nessus
added 2022/01/24 12:00 a.m. · 17 views

GLSA-202107-03 : libqb: Insecure temporary file

The remote host is affected by the vulnerability described in GLSA-202107-03 (libqb: Insecure temporary file). It was discovered that libqb used predictable filenames under /dev/shm and /tmp without O_EXCL. Impact: A local attacker could perform symlink attacks to overwrite arbitrary files with the...

CVSS 7.1 · AI score 7 · EPSS 0.00655
Exploits 1 · References 2
Cvelist
added 2022/01/20 11:40 a.m. · 22 views

CVE-2021-34600 Telenot complex: Insecure AES Key Generation

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation, leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation...

CVSS 5.5 · AI score 5.6 · EPSS 0.00414
Exploits 1 · References 1
NVD
added 2022/01/03 10:15 p.m. · 20 views

CVE-2021-20148

ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another...

CVSS 4.3 · EPSS 0.01116
Exploits 1 · References 1
Cvelist
added 2022/01/03 9:07 p.m. · 16 views

CVE-2021-20148

ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another...

AI score 5.2 · EPSS 0.01116
Exploits 1 · References 1
CNVD
added 2021/12/30 12:00 a.m. · 10 views

Amios Emuse-eServices/eNvoice has an unspecified vulnerability

Amios Emuse-eServices/eNvoice is an electronic invoicing service from the Israeli company Amios. It is a digital interface that simplifies the collection process and automatically sends invoices to customers via email. Amios Emuse-eServices/eNvoice suffers from a security vulnerability that stems...

CVSS 7.5 · AI score 4.4 · EPSS 0.0053
Exploits 0 · References 1
NVD
added 2021/12/29 3:15 p.m. · 6 views

CVE-2021-36723

Emuse - eServices / eNvoice: exposure of private personal information. Due to a lack of identification mechanisms and predictable IDs, an attacker can scrape all the files on the service...

CVSS 7.5 · EPSS 0.0053
Exploits 0 · References 1
Prion
added 2021/12/29 3:15 p.m. · 6 views

Code injection

Emuse - eServices / eNvoice: exposure of private personal information. Due to a lack of identification mechanisms and predictable IDs, an attacker can scrape all the files on the service...

CVSS 5 · AI score 7.5 · EPSS 0.0053
Exploits 0 · References 1
Cvelist
added 2021/12/29 2:12 p.m. · 11 views

CVE-2021-36723 Emuse - eServices / eNvoice Exposure Of Private Personal Information

Emuse - eServices / eNvoice: exposure of private personal information. Due to a lack of identification mechanisms and predictable IDs, an attacker can scrape all the files on the service...

CVSS 6.1 · AI score 7.7 · EPSS 0.0053
Exploits 0 · References 1
CNNVD
added 2021/12/29 12:00 a.m. · 2 views

Amios Emuse - eServices/ eNvoice information disclosure vulnerability

Amios Emuse-eServices/eNvoice is an electronic invoicing service from the Israeli company Amios. It is a digital interface that simplifies the collection process and automatically sends invoices to customers via email. Amios Emuse-eServices/eNvoice suffers from a security vulnerability that stems...

CVSS 7.5 · AI score 5.7 · EPSS 0.0053
Exploits 0 · References 1
Positive Technologies
added 2021/12/29 12:00 a.m. · 3 views

PT-2021-21327 · Emuse · Emuse

Name of the Vulnerable Software and Affected Versions: Emuse - eServices / eNvoice, affected versions not specified. Description: The issue concerns the exposure of private personal information due to a lack of identification mechanisms and predictable IDs. An attacker can exploit this to scrape al...

CVSS 7.5 · AI score 7.4 · EPSS 0.0053
Exploits 0 · References 3
AlmaLinux
added 2021/12/16 7:31 p.m. · 17 views

systemd bug fix and enhancement update

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...

AI score 1.4
Exploits 0
Cvelist
added 2021/12/14 7:20 p.m. · 11 views

CVE-2021-43828 Improper Privilege Management in Patrowl

PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77, an improper privilege management IDOR has been found in PatrowlManager. All imported findings files are placed under /media/imports// In that, owner_id is predictable and tmp_file is in format o...

CVSS 7.5 · AI score 7.8 · EPSS 0.01373
Exploits 1 · References 2
Amazon
added 2021/12/10 12:00 a.m. · 34 views

Important: cyrus-imapd

Issue Overview: A flaw was found in cyrus-imapd. A bad string hashing algorithm used in internal hash tables allows user inputs to be stored in predictable buckets. A user may cause a CPU denial of service by maliciously directing many inputs to a single bucket. The highest threat from this...

CVSS 7.5 · AI score 7.4 · EPSS 0.02855
Exploits 0
GithubExploit
added 2021/12/07 3:39 p.m. · 884 views

Exploit for Use of a One-Way Hash with a Predictable Salt in Redux Gutenberg_Template_Library_&_Redux_Framework

CVE-2021-38314 Python exploit. Detail: The Gutenberg Templat...

CVSS 5.3 · AI score 5.3 · EPSS 0.2756
Exploits 6
OSV
added 2021/11/29 8:15 a.m. · 3 views

CVE-2021-38283

Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read application log files containing sensitive information via a predictable /log URI...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 2
Prion
added 2021/11/29 8:15 a.m. · 17 views

Design/Logic Flaw

Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read application log files containing sensitive information via a predictable /log URI...

CVSS 5 · AI score 7.2 · EPSS 0.02412
Exploits 5 · References 2 · Affected Software 1
OSV
added 2021/11/22 9:15 a.m. · 20 views

CVE-2021-38377

OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results...

CVSS 6.1 · AI score 5.7
Exploits 0 · References 3
NVD
added 2021/11/22 9:15 a.m. · 13 views

CVE-2021-38377

OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results...

CVSS 6.1 · EPSS 0.01119
Exploits 3 · References 3