Code injection

A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device...

CVE-2020-27556

A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device...

CVE-2020-27556

The CVE-2020-27556 entry concerns BASETech GE-131 BT-1837836 Wi‑Fi IP CCTV camera firmware 20180921, where a predictable device ID enables unauthenticated remote connection to the device. This is corroborated by NVD, RH, CNVD-style entries in the connected documents. No specific exploit details o...

CVE-2019-19794

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries...

Feroxbuster - A Fast, Simple, Recursive Content Discovery Tool Written In Rust

What the heck is a ferox anyway? Ferox is short for Ferric Oxide. Ferric Oxide, simply put, is rust. The name rustbuster was taken, so I decided on a variation. What's it do tho? feroxbuster is a tool designed to perform Forced Browsing. Forced browsing is an attack where the aim is to enumerate...

CVE-2020-27743

libtac in pamtacplus through 1.5.1 lacks a check for a failure of RANDbytes/RANDpseudobytes. This could lead to use of a non-random/predictable sessionid...

Predictable Password

The cloud-init is using predictable password. It uses andom.choice when generating random password...

CVE-2020-26107

cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys SEC-561...

Code injection

cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys SEC-561...

CVE-2020-26107

Summary: CVE-2020-26107 affects cPanel prior to 88.0.3, where an upgrade establishes predictable PowerDNS API keys, per multiple connected sources. Affected software: cPanel versions before 88.0.3. Root cause / vulnerability detail: During upgrade, the process creates predictable API keys for Pow...

Default credentials

In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The librar...

CVE-2020-15958

An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL...

Design/Logic Flaw

An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL...

CVE-2020-15958

An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL...

Mitsubishi Electric MELSEC iQ-F Predictable TCP Sequence Number Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mitsubishi Electric MELSEC iQ-F. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ACK packets. When generating ACK packets, the...

CVE-2019-3881

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...

CVE-2019-3881

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...

CVE-2019-3881

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...

GHSA-V3JV-WRF4-5845 Local Privilege Escalation in npm

Affected versions of npm use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the npm process has permission to write t...

Huawei EulerOS: Security Advisory for libqb (EulerOS-SA-2020-1863)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...