
14 matches found

CVE
added 5 days ago · 10 views

CVE-2026-25861

CVE-2026-25861 affects QloApps 1.7.0. The vulnerability is in the password hashing path: Tools::encrypt() in classes/Tools.php uses MD5 with a static cookie key, allowing offline brute-forcing of credentials. The risk is heightened by auto-generated 8-character guest-to-customer passwords in clas...

8.2 CVSS · 5.8 AI score · 0.0002 EPSS
Exploits 0 · References 3
ATTACKERKB
added 5 days ago · 7 views

CVE-2026-25861

QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...

8.2 CVSS · 5.8 AI score · 0.0002 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-2433

Malicious code in bioql PyPI...

5.3 CVSS · 5.4 AI score · 0.00102 EPSS
Exploits 0 · References 7
OSV
added 2024/07/22 6:24 p.m. · 15 views

GO-2024-2987 Skupper uses a static cookie secret for the openshift oauth-proxy in github.com/skupperproject/skupper

Skupper uses a static cookie secret for the openshift oauth-proxy in github.com/skupperproject/skupper...

5.3 CVSS · 5.4 AI score · 0.00102 EPSS
Exploits 0 · References 7
OSV
added 2024/07/17 3:31 a.m. · 16 views

GHSA-W799-V85J-88PG Skupper uses a static cookie secret for the openshift oauth-proxy

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...

8.2 CVSS · 5.4 AI score · 0.00102 EPSS
Exploits 0 · References 7
GitHub Security Blog
added 2024/07/17 3:31 a.m. · 23 views

Skupper uses a static cookie secret for the openshift oauth-proxy

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...

5.3 CVSS · 6.8 AI score · 0.00102 EPSS
Exploits 0 · References 7 · Affected Software 1
OSV
added 2024/07/17 3:15 a.m. · 3 views

CVE-2024-6535

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...

5.3 CVSS · 6 AI score · 0.00102 EPSS
Exploits 0 · References 4
RedhatCVE
added 2024/07/17 2:24 a.m. · 19 views

CVE-2024-6535

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...

5.3 CVSS · 5.7 AI score · 0.00102 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/07/05 12:0 a.m. · 3 views

PT-2024-5369 · Skupper · Skupper

Name of the Vulnerable Software and Affected Versions: Skupper affected versions not specified Description: A flaw was found in Skupper that may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie. This issue arises when Skupper is initialized with the...

8.2 CVSS · 6.8 AI score · 0.00102 EPSS
Exploits 0 · References 18
OSV
added 2021/11/30 12:15 p.m. · 1 views

CVE-2021-42115

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session-independent and static cookie...

9.1 CVSS · 5.8 AI score
Exploits 0 · References 1
CNNVD
added 2021/11/30 12:0 a.m. · 1 views

Business-Dna Solution GmbH TopEase security vulnerability

Business-Dna Solution GmbH TopEase is a "Transformational Risk" solution from Business-Dna Solution GmbH, Switzerland. It is used to manage complex projects and initiatives comprehensively, simply, quickly and securely. A security vulnerability exists in Business-Dna Solution GmbH TopEase, which...

9.1 CVSS · 5.6 AI score · 0.00569 EPSS
Exploits 0 · References 2
0day.today
added 2017/02/21 12:0 a.m. · 295 views

Tenda N3 Wireless N150 Home Router - Authentication Bypass Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Complete Authentication Bypass In Tenda N3 Wireless N150 Routers Date: 03-09-2015 Software Link: http://tendacn.com/en/product/N150.html Exploit Author: Mandeep Jadon Contact: http://twitter.com/1337tr0lls Website:...

10 CVSS · 0.1 AI score · 0.38203 EPSS
Exploits 3
exploitpack
added 2015/09/03 12:0 a.m. · 34 views

Tenda N3 Wireless N150 Router - Authentication Bypass

Tenda N3 Wireless N150 Router - Authentication Bypass Exploit Title: Complete Authentication Bypass In Tenda N3 Wireless N150 Routers Date: 03-09-2015 Software Link: http://tendacn.com/en/product/N150.html Exploit Author: Mandeep Jadon Contact: http://twitter.com/1337tr0lls Website:...

10 CVSS · 1 AI score · 0.38203 EPSS
Exploits 3
Positive Technologies
added 2010/11/05 12:0 a.m. · 1 views

PT-2010-5121 · Red Hat · Luci

Name of the Vulnerable Software and Affected Versions: Luci versions 0.22.4 and earlier Description: The default configuration of Luci in Red Hat Conga uses a static secret key for cookies, which makes it easier for remote attackers to bypass authentication via a forged ticket cookie...

6.4 CVSS · 6.5 AI score · 0.00711 EPSS
Exploits 0 · References 13