CVE-2020-36925 Arteco Web Client DVR/NVR Session ID Brute Force Authentication Bypass

Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without...

PT-2022-26578 · W&T · W&T Comserver Series

Name of the Vulnerable Software and Affected Versions: W&T Comserver Series products affected versions not specified Description: The issue concerns the allocation of session IDs, which uses a small number space. This allows an unauthenticated remote attacker to brute force a user's session ID...

CVE-2020-14017

An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing sessions, or view the...

Vodafone Mobile Wifi - Reset Admin Password

Vodafone Mobile Wifi - Reset Admin Password import urllib2 import json from datetime import datetime, timedelta import time import httplib from threading import Thread from Queue import Queue from multiprocessing import process print """ Vodafone Mobile WiFi - Password reset exploit Daniele...