
3096 matches found

Rapid7 Blog
added 2021/04/13 3:26 p.m., 40 views

CVE-2021-26908 and CVE-2021-26909: Automox Agent Information Disclosure (FIXED)

Rapid7 researcher Danny Jordan discovered two vulnerabilities in the Automox Agent for Windows and macOS, which could result in information disclosure issues involving the Automox infrastructure. CVE-2021-26908 describes a vulnerability where Automox Agent improperly logs sensitive information on...

AI score 0.6, EPSS 0.00726
Exploits 0
NVD
added 2021/04/09 6:15 p.m., 8 views

CVE-2021-25375

Using a predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to obtain attachments from other emails when users open a malicious attachment...

CVSS 6.5, EPSS 0.012
Exploits 0, References 2
Prion
added 2021/04/09 6:15 p.m., 15 views

Open redirect

Using a predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to obtain attachments from other emails when users open a malicious attachment...

CVSS 4.3, AI score 6.5, EPSS 0.012
Exploits 0, References 2, Affected Software 1
Cvelist
added 2021/04/09 5:38 p.m., 16 views

CVE-2021-25375

Using a predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to obtain attachments from other emails when users open a malicious attachment...

CVSS 6.5, AI score 6.7, EPSS 0.012
Exploits 0, References 2
OSV
added 2021/03/23 9:15 p.m., 4 views

CVE-2021-28099

In Netflix OSS Hollow, since the Files.exists(parent) check is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated...

CVSS 4.4, AI score 5.8, EPSS 0.00243
Exploits 0, References 1
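The Hollow entry above describes two weaknesses that compound each other: an existence check that runs before the directory is created, so a directory an attacker pre-created with wide permissions is silently adopted, and names drawn from a seedable source of randomness, so the attacker can compute which name to pre-create. The following Python is an added example written for this page, a stand-in for the pattern rather than Hollow's own Java code; the "hollow-" prefix, the seed value and the directory layout are assumptions. It runs the attack inside a temporary directory and contrasts it with a hardened variant.

```python
"""Check-then-create directories with predictable names (added example)."""
import os
import random
import stat
import tempfile


def predictable_names(seed: int, count: int) -> list:
    """Insecure naming: a seedable PRNG driven by a guessable seed (assumed here
    to be an int the attacker can learn, e.g. a constant or a timestamp).
    Anyone who knows the seed reproduces the exact same name sequence."""
    rng = random.Random(seed)
    return ["hollow-%08x" % rng.getrandbits(32) for _ in range(count)]


def vulnerable_prepare(base: str, name: str) -> str:
    """Vulnerable pattern from the entry: test for existence, then create.
    If the path is already there (pre-created by an attacker) it is reused
    with whatever owner and mode the attacker chose."""
    path = os.path.join(base, name)
    if not os.path.exists(path):
        os.makedirs(path, mode=0o700)
    return path


def safe_prepare(base: str) -> str:
    """Hardened: tempfile.mkdtemp creates the directory with mkdir (which fails
    if the path already exists, so a pre-created directory is never adopted)
    and mode 0700, with a name not derived from any caller-controlled seed.
    The result is then checked to be a real directory that is not
    group/world accessible."""
    path = tempfile.mkdtemp(prefix="hollow-", dir=base)
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError("not a directory: %s" % path)
    if stat.S_IMODE(st.st_mode) & 0o077:
        raise RuntimeError("directory is group/world accessible: %s" % path)
    return path


def dir_mode(path: str) -> int:
    """Permission bits of a path, e.g. 0o777 or 0o700."""
    return stat.S_IMODE(os.lstat(path).st_mode)


def demo_attack(base: str, seed: int = 1234):
    """Attacker predicts the name the victim will use (same seed), pre-creates
    it world-accessible, and the victim's check-then-create adopts it.
    Returns (victim_path == attacker_path, mode bits of the directory the victim uses)."""
    name = predictable_names(seed, 1)[0]
    attacker_path = os.path.join(base, name)
    os.makedirs(attacker_path)
    os.chmod(attacker_path, 0o777)  # set explicitly so the umask does not interfere
    victim_path = vulnerable_prepare(base, name)
    return victim_path == attacker_path, dir_mode(victim_path)


def run_demo():
    """Run the attack and the hardened variant in a fresh temporary base directory.
    Returns (hijacked, mode of the directory the victim ended up with, mode of the safe one)."""
    with tempfile.TemporaryDirectory() as base:
        hijacked, mode = demo_attack(base)
        safe_mode = dir_mode(safe_prepare(base))
    return hijacked, mode, safe_mode


if __name__ == "__main__":
    hijacked, mode, safe_mode = run_demo()
    print("victim reused attacker's directory:", hijacked, "mode: %o" % mode)
    print("hardened directory mode: %o" % safe_mode)
```

The point of the hardened variant is not the mode alone: the atomic create-or-fail is what removes the window, and the post-creation mode check catches a base directory whose ACLs or umask would otherwise widen the result. The example assumes a POSIX filesystem, where mkdtemp yields mode 0700.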
Tenable Nessus
added 2021/03/20 12:00 a.m., 37 views

Amazon Linux AMI : cloud-init (ALAS-2021-1486)

The version of cloud-init installed on the remote host is prior to 0.7.6-43.23. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1486 advisory. A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used...

CVSS 5.5, AI score 5.9, EPSS 0.00438
Exploits 0, References 7
OpenVAS
added 2021/03/17 12:00 a.m., 11 views

WordPress < 4.4 Weak PNG Vulnerability

WordPress is using a weak Pseudorandom Number Generator (PRNG) for password reset tokens. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This...

CVSS 8.1, AI score 8.3, EPSS 0.04783
Exploits 0, References 5
Ubuntu
added 2021/03/15 10:25 p.m., 19 views

USN-4842-1: ntopng vulnerability

It was discovered that ntopng did not properly seed its random number generator, leading to predictable session tokens. An attacker could use this vulnerability to hijack a user's session...

CVSS 8.1, AI score 7.8, EPSS 0.10675
Exploits 5
Tenable Nessus
added 2021/03/15 12:00 a.m., 29 views

SUSE SLES12 Security Update : s390-tools (SUSE-SU-2021:0776-1)

This update for s390-tools fixes the following issues: Fixed an issue where IPL was not working when the bootloader was installed on a SCSI disk with a 4k physical block size without using a device-mapper target (bsc#1183041). CVE-2021-25316: Do not use predictable temporary file names (bsc#1182777). Made the...

CVSS 3.3, AI score 4.8, EPSS 0.00315
Exploits 1, References 6
OSV
added 2021/03/10 6:15 p.m., 1 view

CVE-2020-27632

In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions...

CVSS 7.5, AI score 7.1, EPSS 0.01212
Exploits 0, References 3
CNVD
added 2021/03/09 12:00 a.m., 3 views

OwnCloud Privilege Permission and Access Control Issues Vulnerability (CNVD-2021-18359)

OwnCloud is a personal cloud storage solution from the company of the same name. A privilege/permission and access control vulnerability exists in OwnCloud Server, which can be exploited by an attacker to access any version of any file by sending a request with a...

CVSS 6.8, AI score 6.7, EPSS 0.0051
Exploits 0, References 1
ICS
added 2021/03/09 12:00 a.m., 72 views

Siemens Energy PLUSCONTROL 1st Gen

1. EXECUTIVE SUMMARY. CVSS v3 6.5. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: PLUSCONTROL. Vulnerability: Predictable Exact Value from Previous Values. 2. RISK EVALUATION. Successful exploitation of this vulnerability could affect the integrity of TCP...

CVSS 6.5, AI score 6.5, EPSS 0.01555
Exploits 0, References 9
OSV
added 2021/03/03 6:15 p.m., 2 views

CVE-2020-28597

A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password o...

CVSS 7.5, AI score 5.8, EPSS 0.01035
Exploits 0, References 1
Prion
added 2021/03/03 6:15 p.m., 10 views

Default credentials

A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password o...

CVSS 5, AI score 7.5, EPSS 0.01035
Exploits 0, References 1, Affected Software 1
CVE
added 2021/03/03 5:47 p.m., 53 views

CVE-2020-28597

Epignosis EfrontPro 5.2.21 is affected by a password reset vulnerability where the reset token is generated from a predictable seed, enabling an attacker to reset passwords via the password-reset URL. Talos details show the hash is md5(reset_password_timestamp + login) and that the vulnerability ...

CVSS 9.8, AI score 7.5, EPSS 0.01035
Exploits 0, References 1, Affected Software 1
OSV
added 2021/03/03 1:15 a.m., 8 views

CVE-2021-21352

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In TimeTracker before version 1.19.24.5415, the tokens used by the password reset feature are based on system time and are therefore predictable. This opens a window for brute-force attacks to guess...

CVSS 9.1, AI score 7
Exploits 0, References 3
Prion
added 2021/03/03 1:15 a.m., 11 views

Design/Logic Flaw

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In TimeTracker before version 1.19.24.5415, the tokens used by the password reset feature are based on system time and are therefore predictable. This opens a window for brute-force attacks to guess...

CVSS 5, AI score 9.2, EPSS 0.01392
Exploits 0, References 3, Affected Software 1
Cvelist
added 2021/03/03 12:20 a.m., 12 views

CVE-2021-21352 Predictable tokens used for password resets

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In TimeTracker before version 1.19.24.5415, the tokens used by the password reset feature are based on system time and are therefore predictable. This opens a window for brute-force attacks to guess...

CVSS 6.8, AI score 9.4, EPSS 0.01392
Exploits 0, References 3
CNNVD
added 2021/03/03 12:00 a.m., 4 views

TimeTracker security feature issue vulnerability

Anuko TimeTracker is an open source, web-based time tracking application written in PHP by Anuko. A security vulnerability exists in TimeTracker before version 1.19.24.5415, which stems from the fact that the token used in the password reset feature is based on...

CVSS 9.1, AI score 8.2, EPSS 0.01392
Exploits 0, References 3
Positive Technologies
added 2021/03/03 12:00 a.m., 3 views

PT-2021-11567 · Epignosis · Epignosis Efrontpro

Name of the Vulnerable Software and Affected Versions: Epignosis EfrontPro version 5.2.21 Description: A predictable seed vulnerability exists in the password reset functionality. By predicting the seed, it is possible to generate the correct password reset 1-time token. An attacker can visit the...

CVSS 9.8, AI score 8.4, EPSS 0.01035
Exploits 0, References 3
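The EfrontPro entries above state that the reset token is md5(reset_password_timestamp + login), and the Anuko Time Tracker entries describe reset tokens based on system time. Both are the same defect: every input to the token is public or guessable, so an attacker who knows the victim's login and roughly when the reset was requested can enumerate the candidates. The following Python is an added example written for this page, not code from either project. The timestamp-then-login concatenation follows the Talos description quoted above, but the exact format, the login name, the epoch values and the 15-minute TTL are assumptions. It shows the enumerable construction, the attacker's loop over a time window, and a hardened replacement that issues the token from the OS CSPRNG, stores only its hash, compares in constant time, expires it and consumes it on first use.

```python
"""Predictable password-reset tokens: the enumerable construction and a fix (added example)."""
import hashlib
import hmac
import secrets


def weak_reset_token(login: str, timestamp: int) -> str:
    """Vulnerable construction: md5 over a timestamp and a login. Nothing secret
    goes in, so anyone who can guess the second can recompute the token."""
    return hashlib.md5(f"{timestamp}{login}".encode()).hexdigest()


def brute_force_window(login: str, approx_time: int, window: int, accepts):
    """Attacker side. accepts(token) -> bool stands in for submitting the
    candidate to the reset URL. Try every second in approx_time +/- window and
    return (timestamp, token) for the first accepted candidate, or None."""
    for t in range(approx_time - window, approx_time + window + 1):
        candidate = weak_reset_token(login, t)
        if accepts(candidate):
            return t, candidate
    return None


def strong_reset_token() -> str:
    """Hardened: 32 bytes (256 bits) from the OS CSPRNG; nothing to enumerate."""
    return secrets.token_urlsafe(32)


class ResetStore:
    """Server-side handling of the strong token: keep only its SHA-256 so a
    database leak does not hand out live tokens, compare in constant time,
    expire after ttl_seconds and consume on the first successful use."""

    def __init__(self, ttl_seconds: int = 900):
        self.ttl = ttl_seconds
        self._entries = {}  # login -> (sha256 hex of token, expiry epoch second)

    def issue(self, login: str, now: int) -> str:
        token = strong_reset_token()
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._entries[login] = (digest, now + self.ttl)
        return token  # delivered to the user out of band; never stored in clear

    def verify(self, login: str, token: str, now: int) -> bool:
        entry = self._entries.get(login)
        if entry is None:
            return False
        digest, expires = entry
        if now > expires:
            del self._entries[login]
            return False
        ok = hmac.compare_digest(digest, hashlib.sha256(token.encode()).hexdigest())
        if ok:
            del self._entries[login]  # single use
        return ok


def demo() -> dict:
    """Constructed scenario: victim 'alice' requested a reset at an assumed epoch
    second; the attacker only knows it happened within about ten minutes."""
    victim, requested_at = "alice", 1614729600
    server_valid = weak_reset_token(victim, requested_at)  # what the vulnerable app stored
    hit = brute_force_window(victim, requested_at + 300, 600,
                             lambda tok: hmac.compare_digest(tok, server_valid))

    store = ResetStore()
    good = store.issue(victim, now=requested_at)
    return {
        "weak_token_recovered": hit is not None and hit[0] == requested_at,
        "strong_token_first_use": store.verify(victim, good, now=requested_at + 60),
        "strong_token_replay": store.verify(victim, good, now=requested_at + 61),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The window of 600 seconds either side costs the attacker about 1,200 MD5 computations, which is why time-derived tokens are not rescued by a longer hash or a larger alphabet; the entropy is bounded by how precisely the request time can be guessed. The hardened path removes the dependency on time entirely and adds the expiry and single-use checks that a reset flow needs regardless of how the token is generated.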