18 matches found
CVE-2026-25072
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...
EUVD-2026-10094
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...
CVE-2026-25072
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...
CVE-2026-25072
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...
CVE-2026-25072
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...
CVE-2026-25072 XikeStor SKS8310-8X Predictable Session Identifiers
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...
XikeStor SKS8310-8X 安全特征问题漏洞
The XikeStor SKS8310-8X is an Ethernet switch produced by the XikeStor company. Versions of the XikeStor SKS8310-8X Network Switch prior to 1.04.B07 have a security feature vulnerability. This vulnerability stems from a predictable session identifier present in the /goform/SetLogin endpoint, whic...
EUVD-2014-8313
Malware in sbrugna...
U.S. Dept Of Defense: time based SQL injection at [https://███] [HtUS]
Hello, Summary while doing test on www.█████ I’ve found that the endpoint at /olc/setlogin.php is vulnerable with SQL injection vulnerability Vulnerable parameters - username - password POC - using time based to verify , submit the below request jsx POST /olc/setlogin.php HTTP/1.1 Host: www.█████...
FreeBSD : FreeBSD -- Kernel stack disclosure in setlogin(2) / getlogin(2) (74389f22-6007-11e6-a6c3-14dae9d210b8)
When setlogin2 is called while setting up a new login session, the login name is copied into an uninitialized stack buffer, which is then copied into a buffer of the same size in the session structure. The getlogin2 system call returns the entire buffer rather than just the portion occupied by th...
CVE-2014-8476
The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer...
Buffer overflow
The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer...
CVE-2014-8476
The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer...
CVE-2014-8476
Summary: CVE-2014-8476 affects the FreeBSD kernel setlogin/getlogin path where the login-name buffer is not initialized, causing a potential kernel memory disclosure via getlogin. Affected: FreeBSD 8.4 through 10.1-RC4. Impact: local information disclosure; in practice, up to 16 bytes (FreeBSD 8)...
Debian DSA-3070-1 : kfreebsd-9 - security update
Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure. - CVE-2014-3711 Denial of service through memory leak in sandboxed namei lookups. - CVE-2014-3952 Kernel memory disclosure in sockbuf control messages. - CVE-2014-395...
FreeBSD Security Advisory FreeBSD-SA-14:25.setlogin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:25.setlogin Security Advisory The FreeBSD Project Topic: Kernel stack disclosure in setlogin2 / getlogin2 Category: core Module: kernel Announced: 2014-11-04...
FreeBSD information leakage
Kernel information disclosure in setlogin/getlogin calls...
FreeBSD -- Kernel stack disclosure in setlogin(2) / getlogin(2)
Problem Description: When setlogin2 is called while setting up a new login session, the login name is copied into an uninitialized stack buffer, which is then copied into a buffer of the same size in the session structure. The getlogin2 system call returns the entire buffer rather than just the...