113 matches found
Tenda N300 Authorization Issue Vulnerability
The Tenda N300 is a router from China-based Tenda. The Tenda N300 suffers from an authorization issue vulnerability that stems from the use of login credentials as a session ID, which could allow a remote attacker to hijack an authenticated session by intercepting network traffic and capturing th...
PT-2026-2150
Name of the Vulnerable Software and Affected Versions: Tenda 300Mbps Wireless Router F3, Tenda N300 Easy Setup Router. Description: The routers are susceptible to a flaw stemming from the use of login credentials as the session ID via the web-based administrative interface. A remote attacker could...
CVE-2013-6347
Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors...
EUVD-2021-23740
Malware in sbrugna...
EUVD-2001-0722
Malware in sbrugna...
Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits
Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if left unaddressed, could allow attackers to hijack control of susceptible devices. "The flaws, affecting the device's ONVIF protocol and file upload handlers, allow...
Exploit for CVE-2025-51864
CVE-2025-51864 Vulnerability description AIBOX is a web...
ROS-20240816-10
A vulnerability in the PHP programming language interpreter is related to the erroneous handling of cookies due to the replacement of spaces, dots, and open square brackets with underscores. Exploitation...
DLink DIR < 2.17.b02 (SAP10018)
The version of DLink DIR installed on the remote host is prior to 2.17.b02. It is, therefore, affected by a vulnerability as referenced in the SAP10018 advisory. - Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router rev. Bx with firmware before 2.17b02 allow remote...
CVE-2023-23482
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch...
PT-2023-3518 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows versions prior to 8 Description: The issue is related to a flaw in the TCP/IP protocol implementation in Windows operating systems, specifically concerning authentication procedure weaknesses. This can be exploited by a remote attacke...
SUSE CVE-2013-1399
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2022-22503
IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks agains...
CVE-2021-29865
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch...
GHSA-3VHR-F5XR-8VPX Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method...
CVE-2021-46708
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...
Design/Logic Flaw
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 for EC-CUBE 4 series and ver1.0.0 to 1.0.4 for EC-CUBE 3 series allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted pag...
Design/Logic Flaw
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...
CVE-2021-20636
Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted...