
3095 matches found

Veracode
added 2017/05/08 2:35 p.m., 21 views

Insecure Cookies

atlas-webapp is vulnerable to insecure cookies. The library uses a predictable cookie name in the webapp. This can allow a malicious user to access sensitive data contained in the cookies...

CVSS 6.1 | AI score 6 | EPSS 0.01954
Exploits: 0 | References: 3 | Affected Software: 1
Veracode
added 2017/05/04 3:34 a.m., 9 views

Predictable Filenames

netty-codec-http is vulnerable to predictable filenames for its temporary files. The vulnerability exists because it uses the user-provided file name as part of the temporary file name, allowing a malicious user to overwrite arbitrary files via a symlink attack...

AI score 6.7
Exploits: 0
CNVD
added 2017/05/03 12:00 a.m., 5 views

Trend Micro Threat Discovery Appliance Authentication Bypass Vulnerability

Trend Micro Threat Discovery Appliance (TDA) is a threat discovery appliance with integrated cloud security technology from Trend Micro. The appliance provides detection of malicious activity at the network layer, threat management services, and threat analysis and reporting. A security vulnerabili...

CVSS 9.8 | AI score 6.9 | EPSS 0.0552
Exploits: 8 | References: 1
Prion
added 2017/04/28 7:59 p.m., 11 views

Authentication flaw

Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value...

CVSS 7.5 | AI score 7.5 | EPSS 0.0552
Exploits: 8 | References: 2 | Affected Software: 1
NVD
added 2017/04/28 7:59 p.m., 20 views

CVE-2016-8584

Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value...

CVSS 9.8 | AI score 9.7 | EPSS 0.0552
Exploits: 8 | References: 2
OSV
added 2017/04/28 7:59 p.m., 2 views

CVE-2016-8584

Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value...

CVSS 9.8 | AI score 5.8 | EPSS 0.0552
Exploits: 8 | References: 2
CVE
added 2017/04/28 7:00 p.m., 53 views

CVE-2016-8584

CVE-2016-8584 affects Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier, where predictable session values enable remote attackers to bypass authentication by guessing the session value. The description states an authentication bypass via session generation, with CVSS metrics indicatin...

CVSS 9.8 | AI score 9.5 | EPSS 0.0552
Exploits: 8 | References: 2 | Affected Software: 1
CNVD
added 2017/04/18 12:00 a.m., 3 views

Unspecified vulnerability in libxslt math.random function

libxslt is an XSLT (an XML language for defining XML transformations) C library developed for the GNOME project. A security vulnerability exists in libxslt 1.1.29 and earlier versions due to the program failing to initialize the EXSLT math.random function with a random seed. An attacker could use this...

CVSS 5.3 | AI score 9.2 | EPSS 0.02393
Exploits: 0 | References: 1
Packet Storm
added 2017/04/13 12:00 a.m., 36 views

Nintendo 3DS DNS Client Resolver Predictable TXID

Nintendo: 3DS DNS Client Resolver Library Uses Predictable TXID. I bought a New Nintendo 3DS XL US with firmware 11.2.0-35U, and I've noticed that the DNS client resolver on the 3DS uses a simple incrementing TXID for lookups. This does not provide enough entropy to prevent remote attackers from...

AI score 7.4
Exploits: 0
seebug.org
added 2017/04/13 12:00 a.m., 14 views

Nintendo: 3DS DNS Client Resolver Library Uses Predictable TXID

I bought a New Nintendo 3DS XL US with firmware 11.2.0-35U, and I've noticed that the DNS client resolver on the 3DS uses a simple incrementing TXID for lookups. This does not provide enough entropy to prevent remote attackers from spoofing responses. For example, see MS08-020 when this happened...

AI score 6.9
Exploits: 0
0day.today
added 2017/04/13 12:00 a.m., 30 views

Nintendo 3DS DNS Client Resolver Predictable TXID Vulnerability

The Nintendo 3DS DNS client resolver library uses a predictable incremented TXID allowing for the spoofing of responses. Nintendo: 3DS DNS Client Resolver Library Uses Predictable TXID. I bought a New Nintendo 3DS XL US with firmware 11.2.0-35U, and I've noticed that the DNS client resolver on th...

AI score 7
Exploits: 0
UbuntuCve
added 2017/04/05 9:59 p.m., 27 views

CVE-2015-9019

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs...

CVSS 5.3 | AI score 6.4 | EPSS 0.02393
Exploits: 0 | References: 1
Prion
added 2017/04/05 9:59 p.m., 28 views

Code injection

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs...

CVSS 5 | AI score 6.7 | EPSS 0.02393
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2017/04/05 9:59 p.m., 10 views

CVE-2015-9019

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs...

CVSS 5.3 | AI score 6.6
Exploits: 0 | References: 6
OSV
added 2017/04/05 9:59 p.m., 4 views

UBUNTU-CVE-2015-9019

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs...

CVSS 5.3 | AI score 6.4 | EPSS 0.02393
Exploits: 0 | References: 2
Cvelist
added 2017/04/05 9:00 p.m., 27 views

CVE-2015-9019

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs...

AI score 6.5 | EPSS 0.02393
Exploits: 0 | References: 2
Debian CVE
added 2017/04/05 9:00 p.m., 33 views

CVE-2015-9019

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs...

CVSS 5.3 | AI score 5.6 | EPSS 0.02393
Exploits: 0
NVD
added 2017/03/31 4:59 p.m., 22 views

CVE-2015-4624

Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens...

CVSS 7.5 | AI score 7.6 | EPSS 0.36954
Exploits: 7 | References: 4
Cvelist
added 2017/03/31 3:00 p.m., 25 views

CVE-2015-4624

Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens...

AI score 7.6 | EPSS 0.36954
Exploits: 7 | References: 4
ICS
added 2017/03/30 12:00 a.m., 71 views

Schneider Electric Modicon PLCs

CVSS v3 7.5. ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric. Equipment: Modicon PLCs. Vulnerability: Predictable Value Range from Previous Values, Use of Insufficiently Random Values, Insufficiently Protected Credentials. AFFECTED PRODUCTS: The following version...

CVSS 9.1 | AI score 8.6 | EPSS 0.3182
Exploits: 5 | References: 3