5 matches found
CVE-2020-37228 iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...
TP-Link WR886N Security Vulnerability
The TP-Link TL-WR886N is a wireless router from China P&L. A stack overflow vulnerability exists in the TP-Link TL-WR886N /cloudconfig/routerpost/getregverifycode, which can be exploited by a remote attacker to submit a special request that can crash an application or can be used to execute...
TP-Link WR886N Security Vulnerability
The TP-Link TL-WR886N is a wireless router from China P&L. A stack overflow vulnerability exists in the TP-Link TL-WR886N /cloudconfig/routerpost/checkresetpwdverifycode, which can be exploited by a remote attacker to submit a special request that can crash the application or can execute arbitrar...
TP-Link WR886N Security Vulnerability
The TP-Link TL-WR886N is a wireless router from China P&L. A stack overflow vulnerability exists in the TP-Link TL-WR886N /cloudconfig/routerpost/checkregverifycode, which can be exploited by a remote attacker to submit a special request that can crash the application or can be used to execute...
ThinkPHP Default Configuration Allows CAPTCHA Brute-Forcing
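Brief description: ThinkPHP default configuration allows CAPTCHA brute-forcing. Detailed description: While using ThinkPHP recently, I found that the default check function of the CAPTCHA class does not reset the session after checking whether the CAPTCHA is correct, so it can be brute-forced. Write code like this, then look at the check function of the Verify class, public function check($code, $id = '') { $key = $this->authcode($this->seKey).$id; // the CAPTCHA must not be empty $secode = session($key); if(empty($code) || empty($secode)) { return false; } // session expired...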