Lucene search
K

69 matches found

vulnrichment
vulnrichment
added 2023/02/13 12:0 a.m.8 views

CVE-2022-45724

Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSIONID, and using this SESSIONID an attacker can then perform authenticated requests...

7.2AI score0.00504EPSS
Exploits1References1
github
github
added 2022/09/22 12:0 a.m.22 views

rdiffweb has insecure HTTP cookies

In rdiffweb prior to version 2.4.6, the cookie sessionid does not have a secure attribute when the URL is invalid. Version 2.4.6 contains a fix for the issue...

5.3CVSS5.5AI score0.00396EPSS
Exploits1References5Affected Software1
huntr
huntr
added 2022/09/13 9:10 a.m.21 views

Session_id without Secure attribute

Description User's session id with secure attribute is false. This vulnerability makes user's cookies can be sent to the server with an unencrypted request over the HTTP protocol. Proof of Concept Open the browser and get access to the minarca website, for this scenario I have used the demo/test...

5CVSS0.6AI score0.00508EPSS
Exploits1References1
huntr
huntr
added 2022/09/09 6:57 a.m.17 views

Session_id without Secure attribute

Description User's session id with secure attribute is false. This vulnerability makes user's cookies can be sent to the server with an unencrypted request over the HTTP protocol. Proof of Concept Open the browser and access to the website, in this scenario I use the demo website. Check the cooki...

5CVSS1AI score0.00556EPSS
Exploits1
nvd
nvd
added 2022/06/14 1:15 p.m.31 views

CVE-2022-31273

An issue in TopIDP3000 Topsec Operating System tos3.3.005.665b.15smpidp allows attackers to perform a brute-force attack via a crafted sessionid cookie...

9.8CVSS0.00891EPSS
Exploits0References1
prion
prion
added 2022/06/14 1:15 p.m.23 views

Code injection

An issue in TopIDP3000 Topsec Operating System tos3.3.005.665b.15smpidp allows attackers to perform a brute-force attack via a crafted sessionid cookie...

5CVSS9.1AI score0.00891EPSS
Exploits0References1Affected Software1
cve
cve
added 2022/06/14 12:15 p.m.91 views

CVE-2022-31273

The vulnerability CVE-2022-31273 affects TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp. The issue enables brute-force attacks via a crafted session_id cookie, as documented in multiple sources (NVD/Red Hat). The cited impact in the CVE metrics indicates high confidentiality, integ...

9.8CVSS9.1AI score0.00891EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2022/06/14 12:15 p.m.28 views

CVE-2022-31273

An issue in TopIDP3000 Topsec Operating System tos3.3.005.665b.15smpidp allows attackers to perform a brute-force attack via a crafted sessionid cookie...

9.4AI score0.00891EPSS
Exploits0References1
nessus
nessus
added 2022/05/18 12:0 a.m.25 views

Rocky Linux 8 : libssh (RLSA-2022:2031)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:2031 advisory. - A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them ...

6.5CVSS6.2AI score0.04683EPSS
Exploits0References5
nvd
nvd
added 2022/03/30 11:15 p.m.18 views

CVE-2021-46010

Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSIONID is predictable. An attacker can hijack a valid session and conduct further malicious operations...

8.8CVSS0.01214EPSS
Exploits1References1
prion
prion
added 2022/03/30 11:15 p.m.25 views

Design/Logic Flaw

Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSIONID is predictable. An attacker can hijack a valid session and conduct further malicious operations...

6.5CVSS8.7AI score0.01214EPSS
Exploits1References3Affected Software1
veracode
veracode
added 2022/02/21 6:19 a.m.24 views

Business Logic Errors

microweber/microweber is vulnerable to business logic errors. Lack of secure validation of sessionid for usermanager in the function removeitem causes business logic errors...

4.9CVSS3.4AI score0.00925EPSS
Exploits1References2Affected Software1
nessus
nessus
added 2021/11/17 12:0 a.m.31 views

EulerOS Virtualization 2.9.1 : libssh (EulerOS-SA-2021-2753)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime...

6.5CVSS6.2AI score0.04683EPSS
Exploits0References2
nessus
nessus
added 2021/11/11 12:0 a.m.16 views

EulerOS 2.0 SP9 : libssh (EulerOS-SA-2021-2691)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session...

6.5CVSS6.3AI score0.04683EPSS
Exploits0References2
osv
osv
added 2021/08/31 5:15 p.m.20 views

CVE-2021-3634

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept...

6.5CVSS6.4AI score
Exploits0References8
cve
cve
added 2021/08/31 12:0 a.m.484 views

CVE-2021-3634

CVE-2021-3634 affects libssh

6.5CVSS6.5AI score0.04683EPSS
Exploits0References8Affected Software1
debiancve
debiancve
added 2021/08/31 12:0 a.m.47 views

CVE-2021-3634

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept...

6.5CVSS6.2AI score0.04683EPSS
Exploits0
redhatcve
redhatcve
added 2021/08/26 1:32 p.m.41 views

CVE-2021-3634

A flaw has been found in libssh. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept and used as an input to new...

6.5CVSS1.7AI score0.04683EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2021/08/26 12:0 a.m.55 views

CVE-2021-3634

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept...

6.5CVSS6.5AI score0.04683EPSS
Exploits0References2
prion
prion
added 2021/08/10 7:15 p.m.20 views

Null pointer dereference

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to applycgi via a dographauth action without a sessionid key...

5CVSS7.4AI score0.00961EPSS
Exploits0References1Affected Software4
Rows per page
Query Builder