403 matches found
CVE-2022-4873
On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location...
CVE-2021-3304
Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI...
CVE-2020-5224
In Django User Sessions django-user-sessions before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the...
CVE-2020-11728
An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time and the incrementing sessionid can impersonate a session...
CVE-2010-3323
Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKDSESSIONKEY parameter...
CVE-2006-4943
course/jumpto.php in Moodle before 1.6.2 does not validate the session key sesskey before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter...
CVE-2024-58135
Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and used for authenticating and protecting...
CVE-2024-58135
Mojolicious (Perl) vulnerability CVE-2024-58135: default app skeleton generation using mojo generate app writes a weak HMAC session secret via the insecure rand() function, enabling potential brute-forcing of session keys. Affected: Mojolicious versions from 7.28 for Perl (and related 0.999922–9....
CVE-2024-58135 Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default
Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...
Solstice Pod 5.5 / 6.2 Information Disclosure
Solstice Pod versions 5.5 and 6.2 expose sensitive information such as the session key, server version, product details, and display name via an unauthenticated API. Exploit Title: Solstice Pod API Session Key Extraction via API Endpoint Google Dork: N/A Date: 1/17/2025 Exploit Author: The Baldwi...
CVE-2024-53406
Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...
CVE-2024-53406
Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...
CVE-2024-53406
Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...
CVE-2024-53406
Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...
CVE-2024-53406
CVE-2024-53406 affects Espressif ESP-IDF v5.3.0. The issue is described as insecure permissions that enable authentication bypass, with the reconnection phase reusing a prior session key, creating a foothold for security bypass attacks. The documented CVSS v3.1 base score is 8.8 (HIGH) with netwo...
CVE-2024-53406
Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...
Linux Distros Unpatched Vulnerability : CVE-2023-45287
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but...
Linux Distros Unpatched Vulnerability : CVE-2017-2625
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could...
Qualcomm Chipsets 授权问题漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. An authorization issue vulnerability exists in Qualcomm Chipsets that stems from information disclosure during session key derivation...
CVE-2022-24400
A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero...