CVE-2010-3440

babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files...

Prima FlexAir Access Control 2.3.35 Database Backup Predictable Name

!/usr/bin/env python -- coding: utf8 -- Prima FlexAir Access Control 2.3.35 Database Backup Predictable Name Exploit Authentication Bypass Login with MD5 hash CVE: CVE-2019-7666, CVE-2019-7667 Advisory: https://applied-risk.com/resources/ar-2019-007 Paper:...

FlexAir Access Control 2.3.35 - Authentication Bypass

FlexAir Access Control 2.3.35 - Authentication Bypass Exploit Title: FlexAir Access Control 2.3.35 - Authentication Bypass Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...

FlexAir Access Control 2.3.35 - Authentication Bypass Exploit

Exploit for hardware platform in category web applications Exploit Title: FlexAir Access Control 2.3.35 - Authentication Bypass Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...

FlexAir Access Control 2.3.35 - Authentication Bypass

Exploit Title: FlexAir Access Control 2.3.35 - Authentication Bypass Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version: 2.3.35 Tested on: NA...

Rockwellautomation 1763-l16awa Use of Insufficiently Random Values

A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series...

DEBIAN-CVE-2010-2449

Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...

CVE-2010-2449

Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...

CVE-2010-2449

Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...

Code injection

Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...

CVE-2010-2449

Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...

CVE-2010-2449

Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...

GHSA-RC75-CF5C-MXVH Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml

The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml...

Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml

The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml...

Arbitrary File Overwrite

libqb is vulnerable to arbitrary file overwrite. An attacker is able to overwrite arbitrary files via a symlink attack due to the usage of predictable filenames under /dev/shm and /tmp without OEXCL...

Amazon Linux 2 : keycloak-httpd-client-install (ALAS-2019-1324)

It was discovered that keycloak-httpd-client-install uses a predictable log file name in /tmp. A local attacker could create a symbolic link to a sensitive location, possibly causing data corruption or denial of service.CVE-2017-15111 In keycloak-http-client-install prior to version 0.8, the admi...

CVE-2017-15111

It was discovered that keycloak-httpd-client-install uses a predictable log file name in /tmp. A local attacker could create a symbolic link to a sensitive location, possibly causing data corruption or denial of service...

CVE-2018-2599

It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries...

CVE-2019-17105

The token generator in index.php in Centreon Web before 2.8.27 is predictable...

CVE-2019-17105

The token generator in index.php in Centreon Web before 2.8.27 is predictable...