17 matches found
EUVD-2011-4434
Malware in sbrugna...
EUVD-2002-1981
Malware in sbrugna...
CVE-2024-53702
Use of cryptographically weak pseudo-random number generator PRNG vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret...
Zero address Salt used in Creating delegate contract
Lines of code Vulnerability details Impact A zero-valued salt used, means an attacker can predict the contract address of a new delegate, this can lead an attacker to create the ERC20ProxyDelegator on behalf of the user, this is to allow for max access to the tokens to be transfered Proof of...
FusionCMS (FusionGen) Takeover account - Predictable Key and Password Generation in Password Recovery Feature
Description It was discovered that the password recovery feature on the website is vulnerable to predictable key and password generation. An attacker is able to predict the key used in the password recovery process and the generated password itself by using a specific PHP command and the user's...
The vulnerability of the PV_DecodePredictedIntraDC function (dec_pred_intra_dc.cpp) in the Android operating system allows a hacker to execute arbitrary code.
The vulnerability of the PVDecodePredictedIntraDC function decpredintradc.cpp in the Android operating system is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
CVE-2022-28693
Unprotected alternative channel of return branch target prediction in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...
CVE-2020-26516
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application...
Cross site request forgery (csrf)
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application...
CVE-2019-10184
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...
NSA Announces Sandworm Actors Exploiting Exim MTA Vulnerability (CVE-2019-10149)
The Exim MTA vulnerability, initially reported by Qualys in May 2019, is currently being exploited in the wild. Recently, the US National Security Agency NSA announced that Sandworm actors Russian hacker group have been actively exploiting the Exim Mail Transfer Agent vulnerability. Qualys releas...
DEBIAN-CVE-2013-0342
The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294...
CVE-2019-2184
In PVDecodePredictedIntraDC of decpredintradc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1...
CVE-2015-7442
consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value...
Code injection
consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value...
MGASA-2013-0359 Updated drupal package fixes security vulnerabilities
Drupal's form API has built-in cross-site request forgery CSRF validation, and also allows any module to perform its own validation on the form. In certain common cases, form validation functions may execute unsafe operations CVE-2013-6385. Drupal core directly used the mtrand pseudorandom number...
PT-2008-6306 · Freebsd · Freebsd
Name of the Vulnerable Software and Affected Versions: FreeBSD versions 6.3 through 7.1 Description: The issue is related to the arc4random function in the kernel, which lacks a proper entropy source for a short time period immediately after boot. This makes it easier for attackers to predict the...