CVE-2018-19513

In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sqlerrorlog/YYYY-MM-DD-sqlerrorlog.log filenames. The log file could contain sensitive client data email addresses and also facilitates exploitation of SQL injection errors...

CVE-2018-19513

In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sqlerrorlog/YYYY-MM-DD-sqlerrorlog.log filenames. The log file could contain sensitive client data email addresses and also facilitates exploitation of SQL injection errors...

CVE-2019-5885

Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...

CVE-2018-19513

In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sqlerrorlog/YYYY-MM-DD-sqlerrorlog.log filenames. The log file could contain sensitive client data email addresses and also facilitates exploitation of SQL injection errors...

CVE-2019-0729

An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java SDK Elevation of Privilege Vulnerability'...

CVE-2019-6563

Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device...

CVE-2019-6563

CVE-2019-6563 affects Moxa IKS and EDS industrial switches. The issue is a predictable cookie generated with an MD5 hash, which can enable an attacker to capture the administrator’s password and potentially achieve full device compromise. Affected products include IKS-G6824A (v5.6 and prior), EDS...

CVE-2019-6563

Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device...

Default credentials

Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device...

Nextcloud: Predictable Random Number Generator

Description: The mobile application uses a predictable Random Number Generator RNG. Under certain conditions this weakness may jeopardize mobile application data encryption or other protection based on randomization. For example, if encryption tokens are generated inside of the application and an...

GHSA-6CPC-MJ5C-M9RQ Arbitrary File Write in cli

Affected versions of cli use predictable temporary file names. If an attacker can create a symbolic link at the location of one of these temporarly file names, the attacker can arbitrarily write to any file that the user which owns the cli process has permission to write to. Proof of Concept By...

Arbitrary File Write in cli

Affected versions of cli use predictable temporary file names. If an attacker can create a symbolic link at the location of one of these temporarly file names, the attacker can arbitrarily write to any file that the user which owns the cli process has permission to write to. Proof of Concept By...

EulerOS 2.0 SP3 : rpm (EulerOS-SA-2019-1043)

According to the version of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files...

devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Cross-Site Request Forgery

devolo dLAN 550 duo+ Starter Kit Cross-Site Request Forgery Vendor: devolo AG Product web page: https://www.devolo.com Affected version: dLAN 500 AV Wireless+ 3.1.0-1 i386 Summary: Devolo dLANAr 550 duo+ Starter Kit is Powerlineadapter which is a cost-effective and helpful networking alternative...

devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications devolo dLAN 550 duo+ Starter Kit Cross-Site Request Forgery Vendor: devolo AG Product web page: https://www.devolo.com Affected version: dLAN 500 AV Wireless+ 3.1.0-1 i386 Summary: Devolo dLAN® 550 duo+ Starter Kit is Powerlineadapter whi...

U.S. Dept Of Defense: Information Disclosure (can access all ███s) within ███████ view █████████ Portal

Summary: Once ███████ authenticated I did not mess around to see if I could reproduce without authentication, any user can view any ██████████ simply by changing the offasgid HTTP GET parameter value in the ██████ view █████████ portal link. Description: I was looking through my previous ███████s...

The vulnerability of the JunOS operating system allows attackers to carry out attacks using predictable IP IDs.

The vulnerability of the JunOS operating system is related to the predictability of port IP IDs. Exploiting this vulnerability allows a remote attacker to carry out attacks using predictable IP IDs...

CVE-2019-0007

The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during...

CVE-2019-0007

The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during...

Design/Logic Flaw

The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during...