Unverified Password Change

Overview Affected versions of this package are vulnerable to Unverified Password Change via the verifynoservice process in openc3/lib/openc3/models/authmodel.rb and openc3-cosmos-cmd-tlm-api/app/controllers/authcontroller.rb. An attacker can change a password by supplying a valid session token to...

CVE-2021-31520

A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow an remote attacker to guess currently logged-in administrators' session session token in order to gain access to the product's web management interface...

HUMAX WiFi Router HG-100R DNS Hijacking Vulnerability

The HG-100R is a router. A DNS hijacking vulnerability exists in the HUMAX WiFi Router HG-100R. The vulnerability is caused by first constructing a special request to bypass the authentication of the management console. The vulnerability is due to the router failing to validate the session token...

Skype Account Service - Session Token Bypass Vulnerability

Document Title: =============== Skype Account Service - Session Token Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=762 http://www.vulnerability-lab.com/getcontent.php?id=739 MSRC ID: 13175 Release Date: ============= 2012-11-14...

Skype Account Service - Session Token Bypass Vulnerability

Document Title: =============== Skype Account Service - Session Token Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=762 http://www.vulnerability-lab.com/getcontent.php?id=739 MSRC ID: 13175 Release Date: ============= 2012-11-14...