26 matches found
CVE-2026-25818
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an attacker with a stolen session cookie to find the user password by brute-forcing an encryption...
EUVD-2009-4972
Malware in sbrugna...
EUVD-2021-30692
Malicious code in bioql PyPI...
CVE-2009-5014
The default quickstart configuration of TurboGears2 aka tg2 before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852...
Authentication Bypass
auth0/auth0-php is vulnerable to Authentication Bypass. The vulnerability is due to weak authentication tag protection due to session cookies configured with CookieStore being susceptible to brute-force attacks, potentially allowing unauthorized access...
phpMyAdmin 4.0.x < 4.0.10.18 / 4.4.x < 4.4.15.9 / 4.6.x < 4.6.5 Multiple Vulnerabilities
According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.18, 4.4.x prior to 4.4.15.9, or 4.6.x prior to 4.6.5. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in phpMyAdmin. When the user does not...
CVE-2018-11426
A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change...
Authentication flaw
A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change...
CVE-2018-11426
A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change...
phpmyadmin -- multiple vulnerabilities
The phpmyadmin development team reports: Weakness with cookie encryption Multiple XSS vulnerabilities Multiple XSS vulnerabilities PHP code injection Full path disclosure SQL injection attack Local file exposure Local file exposure through symlinks with UploadDir Path traversal with SaveDir and...
Apple OS X CFNetwork Information Disclosure Vulnerability
Apple OS X is a specialized operating system developed for Mac computers. Apple OS X's CFNetwork uses weak privileges on web-browser cookies. A local attacker could exploit this vulnerability to obtain sensitive information...
D-Link AP 3200 Multiple Vulnerabilities
No description provided by source. Exploit Title: D-Link AP 3200 Multiple Vulnerabilities Date: 29/07/2014 Exploit Author: pws Vendor Homepage: http://www.dlink.com/ Firmware Link: http://ftp.dlink.ru/pub/Wireless/DWL-3200AP/Firmware/ Tested on: Latest version Shodan d0rk: "Server:...
D-Link AP 3200 Multiple Vulnerabilities
Exploit for hardware platform in category web applications Those vulnerabilities have only been tested on the D-Link AP 3200 serie but other series 8600, 7700, 2700, .. might also be vulnerable. 1. Unauthenticated request to change Wireless settings To do so, you just need to craft a specific POS...
D-Link AP 3200 - Multiple Vulnerabilities
D-Link AP 3200 - Multiple Vulnerabilities Exploit Title: D-Link AP 3200 Multiple Vulnerabilities Date: 29/07/2014 Exploit Author: pws Vendor Homepage: http://www.dlink.com/ Firmware Link: http://ftp.dlink.ru/pub/Wireless/DWL-3200AP/Firmware/ Tested on: Latest version Shodan d0rk: "Server:...
D-Link AP 3200 Missing Authentication / Cleartext Secret Storage
Exploit Title: D-Link AP 3200 Multiple Vulnerabilities Date: 29/07/2014 Exploit Author: pws Vendor Homepage: http://www.dlink.com/ Firmware Link: http://ftp.dlink.ru/pub/Wireless/DWL-3200AP/Firmware/ Tested on: Latest version Shodan d0rk: "Server: Allegro-Software-RomPager/4.06" 12000 devices CVE...
D-Link AP 3200 - Multiple Vulnerabilities
Exploit Title: D-Link AP 3200 Multiple Vulnerabilities Date: 29/07/2014 Exploit Author: pws Vendor Homepage: http://www.dlink.com/ Firmware Link: http://ftp.dlink.ru/pub/Wireless/DWL-3200AP/Firmware/ Tested on: Latest version Shodan d0rk: "Server: Allegro-Software-RomPager/4.06" 12000 devices CVE...
AjaXplorer contains multiple vulnerabilities
Overview AjaXplorer 4.0.3 and earlier versions contain a directory traversal vulnerability and a weak cookie authentication scheme. Description AjaXplorer contains a directory traversal vulnerability in the "Get Template" feature. The URL variables templatename and pluginName can be used to explo...
CVE-2009-5014
The default quickstart configuration of TurboGears2 aka tg2 before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852...
Authorization
The default quickstart configuration of TurboGears2 aka tg2 before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852...
CVE-2009-5014
The default quickstart configuration of TurboGears2 aka tg2 before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852...