151 matches found
CVE-2025-3449
The CVE-2025-3449 issue affects the SDM component of B&R Automation Runtime, before version 6.4. Root cause: generation of predictable numbers/identifiers that can be exploited by an unauthenticated, network-based attacker. Impact: potential takeover of already established sessions. Documented in...
CVE-2025-3449 Weak Session Token used in Automation Runtime SDM
A Generation of Predictable Numbers or Identifiers vulnerability in the SDM component of B&R Automation Runtime versions before 6.4 may allow an unauthenticated network-based attacker to take over already established sessions...
EUVD-2006-3223
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-27739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE...
CVE-2025-48461
CVE-2025-48461 involves weak, predictable session cookies that enable an unauthenticated attacker to perform brute‑force guessing and account takeover, potentially gaining root/admin/user access and resetting passwords. Connected sources reference affected Advantech industrial controllers (WISE-4...
NCR Atleos Terminal Handler 安全漏洞
NCR Atleos Terminal Handler is an ATM enterprise software solution from NCR Atleos that reduces costs, improves business agility and increases your competitive advantage. A security vulnerability exists in NCR Atleos Terminal Handler version 1.5.1 that stems from insufficient session cookie...
CVE-2020-27739
A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...
CVE-2020-11728
An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time and the incrementing sessionid can impersonate a session...
AZL-61741 CVE-2024-58135 affecting package perl-Mojolicious 8.57-3
Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and...
CVE-2024-58135
Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...
DEBIAN-CVE-2024-58135
Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...
CVE-2024-58135
Mojolicious (Perl) vulnerability CVE-2024-58135: default app skeleton generation using mojo generate app writes a weak HMAC session secret via the insecure rand() function, enabling potential brute-forcing of session keys. Affected: Mojolicious versions from 7.28 for Perl (and related 0.999922–9....
CVE-2024-58135 Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default
Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...
Mojolicious 安全漏洞
Mojolicious is Mojolicious open source Perl-based real-time web framework. A security vulnerability exists in Mojolicious 9.39 and earlier versions, which stems from the use of an insecure rand function to generate weak HMAC session keys, which could lead to brute-force breaking of session keys...
Delta Electronics COMMGR 安全漏洞
Delta Electronics COMMGR is a communication management software from Delta Electronics China. A code execution vulnerability exists in Delta Electronics COMMGR that stems from insufficient randomness in session ID generation, which can be exploited by an attacker to brute-force break the session ...
ABB FLXeon 安全漏洞
The ABB FLXeon is a series of controllers from ABB Switzerland. ABB FLXeon suffers from a security bypass vulnerability that stems from insufficient session management to prevent unauthorized HTTPS requests. No detailed vulnerability details are provided at this time...
IBM Security Verify Directory和IBM Security Directory Integrator 代码问题漏洞
IBM Security Verify Directory and IBM Security Directory Integrator are both products of International Business Machines IBM.IBM Security Verify Directory is part of an authentication and access management solution.IBM Security Directory Integrator is an integrated development environment and...
PT-2024-23074
Name of the Vulnerable Software and Affected Versions Evolution Controller versions 2.04.560.31.03.2024 and below Description The Web interface of Evolution Controller uses poor session management, allowing an unauthenticated attacker to access administrator functionality if any other user is...
Totolink N350RT 代码问题漏洞
The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. The TOTOLINK N350RT suffers from a session hijacking vulnerability, which is caused by insufficient session expiration in the /cgi-bin/cstecgi.cgi script. An attacker could use this vulnerability to access other...
Dell iDRAC6 Improperly Implemented Security Check for Standard (CVE-2018-1243)
Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers t...