
18 matches found

UbuntuCve
added 2026/05/15 12:17 p.m. | 2 views

CVE-2026-8503

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

CVSS 6.5 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 8
CVE
added 2026/04/30 11:49 a.m. | 5 views

CVE-2026-5080

CVE-2026-5080 affects Dancer::Session::Abstract for Perl up to version 1.3522. The insecure session IDs are generated by summing the absolute pathname’s character codepoints with the process ID, epoch time, and multiple rand() calls, then concatenating the result three times. Factors such as know...

CVSS 5.9 | AI score 5.3 | EPSS 0.00054
Exploits: 0 | References: 3 | Affected Software: 1
GithubExploit
added 2026/04/30 5:17 a.m. | 88 views

Exploit for CVE-2026-41940

cPanel/WHM Auth Bypass Scanner & Exploit Tool A Go command-li...

CVSS 9.8 | AI score 6.3 | EPSS 0.90762
Exploits: 59
Tenable Nessus
added 2026/03/06 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-40931

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The...

CVSS 9.1 | AI score 5.8 | EPSS 0.00029
Exploits: 0 | References: 3
Vulnrichment
added 2026/03/02 11:14 a.m. | 2 views

CVE-2025-30042 Session generation possible with certificate number only

The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication,...

CVSS 9 | AI score 6 | EPSS 0.00019
Exploits: 0 | References: 2
Cvelist
added 2026/03/02 11:14 a.m. | 15 views

CVE-2025-30042 Session generation possible with certificate number only

The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication,...

CVSS 9 | EPSS 0.00019
Exploits: 0 | References: 2
RedhatCVE
added 2026/02/28 7:45 p.m. | 2 views

CVE-2026-27755

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...

CVSS 9.8 | AI score 5.9 | EPSS 0.00152
Exploits: 0 | References: 1
Cvelist
added 2026/02/27 6:9 p.m. | 16 views

CVE-2026-27755 SODOLA SL902-SWTGW124AS <= 200.1.20 Predictable Session ID

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...

CVSS 9.8 | EPSS 0.00152
Exploits: 0 | References: 2
CNNVD
added 2026/02/16 12:0 a.m. | 3 views

Concierge::Sessions security vulnerability

Concierge::Sessions is a user management system developed by Bruce Van Allen personally. Versions of Concierge::Sessions prior to 0.8.5 contained security vulnerabilities. These vulnerabilities stemmed from the use of the generatesessionid function, which defaults to using the uuidgen command to...

CVSS 9.8 | AI score 5.8 | EPSS 0.0007
Exploits: 0 | References: 5
NVD
added 2025/08/27 11:15 a.m. | 2 views

CVE-2025-30064

An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to genera...

CVSS 8.8 | EPSS 0.00013
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/13 4:55 p.m. | 9 views

CVE-2025-2079

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token) sessions...

CVSS 8.7 | AI score 6.5 | EPSS 0.00196
Exploits: 0 | References: 1
seebug.org
added 2017/04/20 12:0 a.m. | 63 views

Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584)

In the last few months, I have been testing several Trend Micro products with Steven Seeley (@steventseeley). Together, we have found more than 200+ RCE (Remote Code Execution) vulnerabilities and for the first time we presented the outcome of our research at Hack In The Box 2017 Amsterdam in April...

CVSS 10 | AI score 9 | EPSS 0.92979
Exploits: 55
Packet Storm
added 2017/04/20 12:0 a.m. | 60 views

Trend Micro Threat Discovery Appliance 2.6.1062r1 Session Generation Authentication Bypass

!/usr/bin/python """ Trend Micro Threat Discovery Appliance = 2.6.1062r1 Session Generation Authentication Bypass Vulnerability Found by: Roberto Suggi Liverani - @malerisch - http://blog.malerisch.net/ & Steven Seeley of Source Incite File: TDAInstallationCD.2.6.1062r1.enUS.iso sha1:...

AI score 0.5 | EPSS 0.04082
Exploits: 8
0day.today
added 2017/04/20 12:0 a.m. | 41 views

Trend Micro Threat Discovery Appliance 2.6.1062r1 Session Generation Authentication Bypass Exploit

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a session generation authentication bypass vulnerability. !/usr/bin/python """ Trend Micro Threat Discovery Appliance = 2.6.1062r1 Session Generation Authentication Bypass Vulnerability Found by: Roberto Suggi Livera...

CVSS 7.5 | AI score 9.4 | EPSS 0.04082
Exploits: 8
0day.today
added 2015/05/30 12:0 a.m. | 29 views

ESC 8832 Data Controller Multiple Vulnerabilities

Exploit for hardware platform in category web applications =begin Exploit Title: ESC 8832 Data Controller multiple vulnerabilities Date: 2014-05-29 Platform: SCADA / Web Application Exploit Author: Balazs Makany Vendor Homepage: www.envirosys.com Version: ESC 8832 Data Controller Hardware Tested...

AI score 7.1
Exploits: 0
exploitpack
added 2015/05/29 12:0 a.m. | 30 views

ESC 8832 Data Controller - Multiple Vulnerabilities

ESC 8832 Data Controller - Multiple Vulnerabilities =begin Exploit Title: ESC 8832 Data Controller multiple vulnerabilities Date: 2014-05-29 Platform: SCADA / Web Application Exploit Author: Balazs Makany Vendor Homepage: www.envirosys.com Version: ESC 8832 Data Controller Hardware Tested on: ESC...

AI score 0.6
Exploits: 0
Packet Storm
added 2015/05/29 12:0 a.m. | 35 views

ESC 8832 Data Controller Session Hijacking

=begin Exploit Title: ESC 8832 Data Controller multiple vulnerabilities Date: 2014-05-29 Platform: SCADA / Web Application Exploit Author: Balazs Makany Vendor Homepage: www.envirosys.com Version: ESC 8832 Data Controller Hardware Tested on: ESC 8832 Data Controller Hardware CVE : N/A Yet POC for...

AI score 0.6
Exploits: 0
Packet Storm
added 2007/02/08 12:0 a.m. | 17 views

ap205-gen.txt

!/usr/bin/perl -w Advanced Poll 2.0.0 = 2.0.5-dev textfile admin session gen. 0day! KEEP IT PRIVATE 0day! date: 30/07/06 diwou PHCKSEC c 2001-2006. see templates for code execution ;. use strict; use warnings; use LWP::UserAgent; use MD5; my...

AI score 7.4
Exploits: 0