22 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2020-30332

Malware in sbrugna...

CVSS 5.9 · AI score 6 · EPSS 0.00148
Exploits 0 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2018-0497

Malware in sbrugna...

CVSS 6.1 · AI score 6.3 · EPSS 0.02964
Exploits 0 · References 4

RedhatCVE
added 2025/05/22 5:34 p.m. · 3 views

CVE-2020-9528

Firmware developed by Shenzhen Hichip Vision Technology V6 through V20, as used by many different vendors in millions of Internet of Things devices, suffers from cryptographic issues that allow remote attackers to access user session data, as demonstrated by eavesdropping on user video/audio...

CVSS 7.5 · AI score 7.1 · EPSS 0.00175
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 4:54 p.m. · 4 views

CVE-2020-9526

CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated by passively eavesdropping on user video/audio streams, capturing credentials, and compromising...

CVSS 5.9 · AI score 6.6 · EPSS 0.00148
Exploits 0 · References 1

Veracode
added 2024/11/21 11:55 a.m. · 9 views

Incorrect Object Recycling And Re-use

Apache Tomcat is vulnerable to Incorrect object recycling and re-use. The vulnerability is due to flawed object recycling logic in Apache Tomcat's HTTP/2 implementation. Specifically, the request and response objects are not properly cleared or segregated before being reused, allowing data from o...

CVSS 6.5 · AI score 6.4 · EPSS 0.215
Exploits 1 · References 7 · Affected Software 2

Veracode
added 2024/11/19 8:41 a.m. · 5 views

Cross-site Scripting (XSS)

firebase is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of the "FIREBASEDEFAULTS" cookie, which allows attackers to manipulate the "authTokenSyncURL" field and redirect user session data to a malicious server...

CVSS 6.1 · AI score 6.3 · EPSS 0.00107
Exploits 0 · References 4 · Affected Software 1

Hacker One
added 2024/11/10 2:56 p.m. · 4 views

Remitly: [CRITICAL] 0-Click Account Takeover via Password Reset [AUTH-3243] /orchestrator/v1/password_reset/start

The vulnerability discovered allows an attacker to reset the password of a victim's account without requiring any user interaction or special privileges. By intercepting the password reset request and modifying it with the victim's session data, the attacker can successfully take over the account...

AI score 7.2
Exploits 0

Tenable Nessus
added 2023/11/09 12:0 a.m. · 10 views

Moxa PT-G503 Series Sensitive Cookie Not Properly Secured (CVE-2023-4217)

A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. This...

CVSS 5.3 · AI score 5.6 · EPSS 0.00146
Exploits 0 · References 2

CNVD
added 2023/11/06 12:0 a.m. · 3 views

MOXA PT-G503 Unauthorized Access Vulnerability

MOXA PT-G503 is a series of Layer 2 managed switches from MOXA China. The MOXA PT-G503 unauthorized access vulnerability can be exploited by a remote attacker to submit a special request that can be used to gain unauthorized access to and manipulate user session data...

CVSS 5.3 · AI score 7 · EPSS 0.00146
Exploits 0 · References 1

NVD
added 2023/11/02 5:15 p.m. · 9 views

CVE-2023-5035

A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks,...

CVSS 5.3 · AI score 4.6 · EPSS 0.00134
Exploits 0 · References 1

Cvelist
added 2023/11/02 4:11 p.m. · 10 views

CVE-2023-5035 Cookie Without Secure Flag

A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks,...

CVSS 3.1 · AI score 5.5 · EPSS 0.00134
Exploits 0 · References 1

Vulnrichment
added 2023/11/02 4:11 p.m. · 8 views

CVE-2023-5035 Cookie Without Secure Flag

A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks,...

CVSS 3.1 · AI score 7 · EPSS 0.00134
Exploits 0 · References 1

CVE
added 2023/11/02 4:11 p.m. · 45 views

CVE-2023-5035

CVE-2023-5035 affects the Moxa PT-G503 Series firmware prior to v5.2. The root cause is that the Secure attribute for sensitive cookies in HTTPS sessions is not set, which can allow cookies to be transmitted in plaintext over an HTTP session. Potential impact includes exposure/manipulation of use...

CVSS 5.3 · AI score 4.5 · EPSS 0.00134
Exploits 0 · References 1 · Affected Software 1

Tenable Nessus
added 2023/08/29 12:0 a.m. · 18 views

Moxa ioLogik 4000 Series Session Cookie Without HttpOnly Flag (CVE-2023-4228)

A vulnerability has been identified in ioLogik 4000 Series ioLogik E4200 firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized acce...

CVSS 4.3 · AI score 5.1 · EPSS 0.00236
Exploits 0 · References 2

Prion
added 2023/08/24 7:15 a.m. · 17 views

Information disclosure

A vulnerability has been identified in ioLogik 4000 Series ioLogik E4200 firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized acce...

CVSS 4.3 · AI score 4.6 · EPSS 0.00236
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/08/24 6:19 a.m. · 15 views

CVE-2023-4228 ioLogik 4000 Series: Session Cookies Attribute Not Set Properly

A vulnerability has been identified in ioLogik 4000 Series ioLogik E4200 firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized acce...

CVSS 3.1 · AI score 4.9 · EPSS 0.00236
Exploits 0 · References 1

Prion
added 2023/04/05 8:15 p.m. · 8 views

Code injection

Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR: it does not correctly validate user permissions with respect to certain...

CVSS 4 · AI score 4.7 · EPSS 0.00128
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2023/04/05 12:0 a.m. · 3 views

CVE-2023-0944

Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR: it does not correctly validate user permissions with respect to certain...

AI score 4.7 · EPSS 0.00128
Exploits 1 · References 2

Positive Technologies
added 2023/04/05 12:0 a.m. · 1 views

PT-2023-16630 · Bhima · Bhima

Name of the Vulnerable Software and Affected Versions: Bhima version 1.27.0 Description: The issue allows an authenticated attacker with regular user permissions to update arbitrary user session data, including username, email, and password. This is due to the application being vulnerable to...

CVSS 4.3 · AI score 4.5 · EPSS 0.00128
Exploits 1 · References 8

NVD
added 2020/08/10 4:15 p.m. · 10 views

CVE-2020-9526

CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated by passively eavesdropping on user video/audio streams, capturing credentials, and compromising...

CVSS 5.9 · AI score 5.6 · EPSS 0.00148
Exploits 0 · References 2