
39001 matches found

0day.today
added 2020/09/06 12:0 a.m. | 63 views

Noise-Java AESGCMFallbackCipherState.encryptWithAd() Insufficient Boundary Checks Exploit

Noise-Java suffers from an issue located in the AESGCMFallbackCipherState.encryptWithAd method defined in AESGCMFallbackCipherState.java, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation. However, some checks...

CVSS 9.8 | AI score 0.1 | EPSS 0.02553
Exploits: 11

0day.today
added 2020/09/06 12:0 a.m. | 58 views

Noise-Java ChaChaPolyCipherState.encryptWithAd() Insufficient Boundary Checks Exploit

Noise-Java suffers from an issue located in the ChaChaPolyCipherState.encryptWithAd method defined in ChaChaPolyCipherState.java, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation. However, some checks were fou...

CVSS 9.8 | EPSS 0.02553
Exploits: 11

0day.today
added 2020/09/06 12:0 a.m. | 103 views

Noise-Java AESGCMOnCtrCipherState.encryptWithAd() Insufficient Boundary Checks Exploit

Noise-Java suffers from an issue located in the AESGCMOnCtrCipherState.encryptWithAd method defined in AESGCMOnCtrCipherState.java, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation. However, some checks were...

CVSS 9.8 | AI score 6.8 | EPSS 0.02553
Exploits: 11

0day.today
added 2020/09/04 12:0 a.m. | 22 views

Nord VPN 6.31.13.0 - (nordvpn-service) Unquoted Service Path Vulnerability

Exploit Title: Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path Discovery by: chipo Vendor Homepage: https://nordvpn.com Software Link : https://downloads.nordcdn.com/apps/windows/10/NordVPN/latest/NordVPNSetup.exe Tested Version: 6.31.13.0 Tested on OS: Windows 10 Pro x64 es...

AI score 0.2
Exploits: 0

0day.today
added 2020/09/04 12:0 a.m. | 38 views

BarracudaDrive v6.5 - Insecure Folder Permissions Vulnerability

Exploit Title: BarracudaDrive v6.5 - Insecure Folder Permissions Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Vendor Homepage: https://barracudaserver.com/ Software Link: https://download.cnet.com/BarracudaDrive/3001-185064-10723210.html Version: v6.5 Tested On: Windows 10 Pro CVSS Base...

AI score 0.5
Exploits: 0

0day.today
added 2020/09/04 12:0 a.m. | 24 views

COVR 3902 1.01B0 Hardcoded Credentials Vulnerability

Title: Telnet Hardcoded Credentials Summary: The latest versions of the firmware have hardcoded default credentials that can be exploited by an unauthenticated attacker to gain privileged access to the firmware and to extract sensitive data Affected Firmware: COVR-3902REVAROUTERFIRMWAREv1.01B0 CV...

CVSS 10 | AI score 9.7 | EPSS 0.03933
Exploits: 3

0day.today
added 2020/09/01 12:0 a.m. | 54 views

Sagemcom F@ST 5280 Privilege Escalation Vulnerability

Sagemcom F@ST 5280 routers using firmware version 1.150.61, and possibly others, have an insecure deserialization vulnerability that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sessid, nonce, and ha1 values inside of the...

CVSS 9 | AI score 8.8 | EPSS 0.03672
Exploits: 3

0day.today
added 2020/09/01 12:0 a.m. | 225 views

Kamailio 5.4.0 Header Smuggling Exploit

Kamailio version 5.4.0 is vulnerable to header smuggling via a bypass of remove_hf. Kamailio vulnerable to header smuggling possible due to bypass of remove_hf - Fixed versions: Kamailio v5.4.0 - Enable Security Advisory: - Tested vulnerable versions: 5.3.5 and earlier - Timeline: - Report date &...

AI score 7
Exploits: 0

0day.today
added 2020/08/31 12:0 a.m. | 6769 views

Apache2 mod_proxy_uwsgi Incorrect Request Handling Exploit

Apache2 suffers from an incorrect handling of large requests issue in mod_proxy_uwsgi. Apache2: Incorrect handling of large requests in mod_proxy_uwsgi mod_proxy_uwsgi as included in current versions of Apache httpd incorrectly handles large HTTP requests. The UWSGI line protocol uses uint16_t length...

CVSS 9.8 | AI score 9.8 | EPSS 0.90039
Exploits: 2

0day.today
added 2020/08/31 12:0 a.m. | 150 views

TP-Link WDR4300 Remote Code Execution Exploit

TP-Link WDR4300 with firmware versions 3.13.33 and 3.14.3 post-authentication remote code execution exploit. !/usr/bin/python3 import sys import hashlib import base64 import requests import binascii import socket """ RCE via stack-based overflow on TP-Link WDR4300 N750 devices, using...

CVSS 9 | AI score 0.2 | EPSS 0.52559
Exploits: 8

0day.today
added 2020/08/31 12:0 a.m. | 28 views

BlazeDVD 7.0 Professional - (.plf) Local Buffer Overflow (SEH/ASLR/DEP) Exploit

Title: BlazeDVD 7.0 Professional - '.plf' Local Buffer Overflow SEH,ASLR,DEP Author: emalp Date: 2020-08-31 Vendor Homepage: http://www.blazevideo.com/ Software Link: http://www.blazevideo.com/download/BlazeDVDProSetup.exe Version: 7.0.0.0 Tested on: Windows 7 Home Basic Run this file bfile.plf...

AI score 0.2
Exploits: 0

0day.today
added 2020/08/31 12:0 a.m. | 182 views

MikroTik RouterOS Memory Corruption / NULL Pointer Dereference Vulnerabilities

MikroTik RouterOS suffers from NULL pointer dereference, memory corruption and division by zero vulnerabilities. Advisory: three vulnerabilities found in MikroTik's RouterOS Details ======= MikroTik RouterOS Memory Corruption / NULL Pointer Dereference Vulnerabilities Product: MikroTik's RouterOS...

AI score 7.7
Exploits: 0

0day.today
added 2020/08/28 12:0 a.m. | 48 views

Eikon Thomson Reuters 4.0.42144 File Permissions Vulnerability

Eikon Thomson Reuters version 4.0.42144 suffers from a weak permissions issue that can lead to code execution. ======================================================================= title: Extensive file permissions on service executable product: Eikon Thomson Reuters vulnerable version: 4.0.421...

CVSS 7.8 | AI score 0.1 | EPSS 0.00478
Exploits: 3

0day.today
added 2020/08/28 12:0 a.m. | 24 views

ASX to MP3 converter 3.1.3.7.2010.11.05 - (.wax) Local Buffer Overflow (DEP,ASLR Bypass) Exploit

Exploit Title: ASX to MP3 converter 3.1.3.7.2010.11.05 - '.wax' Local Buffer Overflow DEP,ASLR Bypass PoC Software Link Download: https://github.com/x00x00x00x00/ASXtoMP3Converter3.1.3.7.2010.11.05/blob/master/ASXtoMP3Converter3.1.3.7.2010.11.05.exe?raw=true Exploit Author: Paras Bhatia Discovery...

AI score 0.3
Exploits: 0

0day.today
added 2020/08/28 12:0 a.m. | 53 views

SUPERAntiSpyware Professional X Trial Privilege Escalation Vulnerability

Exploit Title: SUPERAntiSpyware Professional X Trial 10.0.1206 Local Privilege Escalation Date: 2020-08-28 Exploit Author: b1nary Vendor Homepage: https://www.superantispyware.com/ Software Link: https://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWARE Version: 10.0.1206 lowe...

AI score 0.8
Exploits: 0

0day.today
added 2020/08/25 12:0 a.m. | 42 views

Linux CoW Incorrect Access Grant Exploit

A Linux copy-on-write issue can wrongly grant write access. Linux: CoW can wrongly grant write access because of pinned references or THP bug I've stumbled over two ways in which copy-on-write of anonymous memory after fork is currently broken: Page references through the page refcount and a bug ...

AI score 7.1
Exploits: 0

0day.today
added 2020/08/25 12:0 a.m. | 32 views

Linux/x86 reverse TCP Shellcode (84 bytes)

Title: Linux/x86 - Reverse TCP Shellcode 84 bytes Author: Xenofon Vassilakopoulos Tested on: Linux 3.13.0-32-generic 57precise1-Ubuntu i686 i386 GNU/Linux Architecture: i686 GNU/Linux Shellcode Length: 84 bytes SLAE-ID: SLAE - 1314 --------------------- Reverse Shellcode ---------------------...

AI score 0.2
Exploits: 0

0day.today
added 2020/08/25 12:0 a.m. | 118 views

Chrome NewFixedArray Missing Array Size Check Vulnerability

Chrome suffers from a missing array size check in NewFixedArray. Chrome: Missing array size check in NewFixedArray VULNERABILITY DETAILS V8 caps the number of elements a fixed array can contain1. Most of the code that needs to create or resize a fast JS array i.e. one that's backed by a fixed arr...

AI score 7.2
Exploits: 0

0day.today
added 2020/08/25 12:0 a.m. | 56 views

Ericom Access Server 9.2.0 Server-Side Request Forgery Exploit

Ericom Access Server allows attackers to initiate SSRF requests making outbound connections to arbitrary hosts and TCP ports. Attackers, who can reach the AccessNow server can target internal systems that are behind firewalls that are typically not accessible. This can also be used to target...

CVSS 5.3 | AI score 5.2 | EPSS 0.01689
Exploits: 4

0day.today
added 2020/08/22 12:0 a.m. | 414 views

Eibiz i-Media Server Digital Signage 3.8.0 File Path Traversal Vulnerability

Eibiz i-Media Server Digital Signage version 3.8.0 is affected by a directory traversal vulnerability. An unauthenticated remote attacker can exploit this to view the contents of files located outside of the server's root directory. The issue can be triggered through the oldfile GET parameter...

AI score 7.1
Exploits: 0

0day.today
added 2020/08/22 12:0 a.m. | 458 views

Seowon SlC 130 Router - Remote Code Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: Seowon SlC 130 Router - Remote Code Execution Author: maj0rmil4d - Ali Jalalat Author website: https://secureguy.ir Date: 2020-08-20 Vendor Homepage: seowonintech.co.kr Software Link:...

AI score 9.6 | EPSS 0.70908
Exploits: 8

0day.today
added 2020/08/22 12:0 a.m. | 517 views

Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover Exploit

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated remote privilege escalation and account takeover vulnerability that can be triggered by directly calling the updateUser object part of ActionScript object graphs, effectively elevating to an administrative role or...

AI score 7.5
Exploits: 0

0day.today
added 2020/08/22 12:0 a.m. | 464 views

Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass Exploit

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from unauthenticated privilege escalation and arbitrary user creation vulnerability that allows authentication bypass. Once serialized, an AMF encoded object graph may be used to persist and retrieve application state or allow two endpoin...

AI score 7.7
Exploits: 0

0day.today
added 2020/08/22 12:0 a.m. | 513 views

Complaint Management System 1.0 - (cid) SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Complaint Management System 1.0 - 'cid' SQL Injection Exploit Author: Mohamed Elobeid 0b3!d Date: 2020-08-21 Vendor Homepage: https://www.sourcecodester.com/php/14206/complaint-management-system.html Software Link:...

AI score 0.1
Exploits: 0

0day.today
added 2020/08/22 12:0 a.m. | 1580 views

Linux/x86 execve /bin/sh Shellcode (10 bytes)

Exploit Title: Linux/x86 - execve "/bin/sh" 10 bytes Google Dork: None Exploit Author: cybersaki Vendor Homepage: None Software Link: None Version: None Tested on: Kali linux 2020.2a i386 x86 CVE : none Shellcode-length : 10 SLAE-id : Purchased | email protected Reference :...

AI score 7.4
Exploits: 0

0day.today
added 2020/08/22 12:0 a.m. | 605 views

vBulletin 5.1.2 < 5.1.9 - Unserialize Code Execution Exploit

Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.1.2 Unserialize Code Execution', 'Description' = %q This module exploits a PHP...

CVSS 7.5 | AI score 6.5 | EPSS 0.80635
Exploits: 12

0day.today
added 2020/08/22 12:0 a.m. | 493 views

Linux/x86 /dev/sda Partition Wiping Shellcode (35 bytes)

Exploit Title: Linux/x86 - Shred /dev/sda wipe partition Shellcode 35 bytes Google Dork: None Exploit Author: cybersaki Vendor Homepage: None Software Link: None Version: None Tested on: Kali linux 2020.2a i386 x86 CVE : none Shellcode-length : 35 SLAE-id : Purchased | email protected ; Descripti...

Exploits: 0

0day.today
added 2020/08/22 12:0 a.m. | 489 views

Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure Vulnerability

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated configuration disclosure vulnerability. Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure Vendor: EIBIZ Co.,Ltd. Product web page: http://www.eibiz.co.th Affected version: =3.8.0 Summary: EIBIZ...

AI score 7.4
Exploits: 0

0day.today
added 2020/08/22 12:0 a.m. | 494 views

WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass Vulnerability

Exploit for php platform in category web applications Title: Payment bypass Product: WordPress NAB Transact WooCommerce Plugin Vendor Homepage: https://woocommerce.com/products/nab-transact-direct-post/ Vulnerable Version: 2.1.0 Fixed Version: 2.1.2 CVE Number: CVE-2020-11497 Author: Jack Misiura...

AI score 0.1 | EPSS 0.01152
Exploits: 4

0day.today
added 2020/08/20 12:0 a.m. | 306 views

PNPSCADA 2.200816204020 - (interf) SQL Injection (Authenticated) Vulnerability

Exploit for php platform in category web applications Exploit Title: PNPSCADA 2.200816204020 - 'interf' SQL Injection Authenticated Exploit Author: İsmail ERKEK Vendor Homepage: http://wiki.pnpscada.com/forumHome.jsp Version: 2.200816204020 Tested on: - 1. Description: ----------------------...

AI score 0.6
Exploits: 0

0day.today
added 2020/08/20 12:0 a.m. | 502 views

Ruijie Networks Switch eWeb S29_RGOS 11.4 - Directory Traversal Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Ruijie Networks Switch eWeb S29_RGOS 11.4 - Directory Traversal Exploit Author: Tuygun Vendor Homepage: https://www.ruijienetworks.com/ Version: eWeb S29_RGOS 11.41B12P11 Source : https://faruktuygun.com/directorytraversal.ht...

AI score 0.4
Exploits: 0

0day.today
added 2020/08/20 12:0 a.m. | 319 views

ElkarBackup 1.3.3 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: ElkarBackup 1.3.3 - Persistent Cross-Site Scripting Exploit Author: Enes Özeser Vendor Homepage: https://www.elkarbackup.org/ Version: 1.3.3 Tested on: Linux 1- Go to following url. http://HOST/elkarbackup/login 2- Default...

Exploits: 0

0day.today
added 2020/08/19 12:0 a.m. | 289 views

Pharmacy Medical Store And Sale Point 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection Exploit Author: Moaaz Taha 0xStorm Vendor Homepage: https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html...

AI score 7.4
Exploits: 0

0day.today
added 2020/08/19 12:0 a.m. | 498 views

PAC Bypass Due To Unprotected Function Pointer Imports Exploit

PAC aims to prevent an attacker with the ability to read and write memory from executing arbitrary code. It does that by cryptographically signing and validating code pointers as well as some data pointers at runtime. However, it seems that imports of function pointers from shared libraries in...

CVSS 8.8 | AI score 8.8 | EPSS 0.01971
Exploits: 1

0day.today
added 2020/08/18 12:0 a.m. | 507 views

Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass Exploit

Exploit for php platform in category web applications !/usr/bin/env ruby Title: Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass Author: noraj Alexandre ZANNI Author website: https://pwn.by/noraj/ Date: 2020-08-16 Vendor Homepage: https://www.bludit.com/ Software Link:...

CVSS 4.3 | AI score 0.2 | EPSS 0.39598
Exploits: 9

0day.today
added 2020/08/18 12:0 a.m. | 210 views

Savsoft Quiz 5 - Stored Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Savsoft Quiz 5 - Stored Cross-Site Scripting Exploit Author: Mayur Parmarth3cyb3rc0p Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Windows 10...

AI score 7.1
Exploits: 0

0day.today
added 2020/08/18 12:0 a.m. | 291 views

Pharmacy Medical Store and Sale Point 1.0 - (catid) SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection Exploit Author: Moaaz Taha 0xStorm Vendor Homepage: https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html...

AI score 7.1
Exploits: 0

0day.today
added 2020/08/18 12:0 a.m. | 333 views

vBulletin 5.6.2 Persistent Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: vBulletin 5.6.2 Stored XSS Date:15.08.2020 Author: Vincent666 ibn Winnie Software Link: https://www.vbulletin.com/en/features/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog : https://pentest-vincent.blogspot.com/ PoC:...

AI score 0.1
Exploits: 0

0day.today
added 2020/08/18 12:0 a.m. | 321 views

XenForo 2.1.10 Patch 2 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: XenForo v2.1.10 Patch 2 Stored XSS Author: Vincent666 ibn Winnie Software Link: https://xenforo.com/demo/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog :https://pentest-vincent.blogspot.com/ PoC...

AI score 0.2
Exploits: 0

0day.today
added 2020/08/18 12:0 a.m. | 565 views

Apache OFBiz XML-RPC Java Deserialization Exploit

This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.04. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 6.1 | AI score 0.6 | EPSS 0.98926
Exploits: 16

0day.today
added 2020/08/18 12:0 a.m. | 290 views

D-Link Central WiFi Manager CWM(100) Remote Code Execution Exploit

This Metasploit module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM100 versions below v1.03R0100BETA6. The vulnerability exists in the username cookie, which is passed to eval without being sanitized. Dangerous functions are not disabled by default, which makes i...

CVSS 9.8 | AI score 9.8 | EPSS 0.80682
Exploits: 4

0day.today
added 2020/08/18 12:0 a.m. | 236 views

Tailor Management System 1.0 Persistent Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Title: Tailor Management System 1.0 - Stored Cross-Site Scripting Exploit Author: Ahmed Abbas Vendor Homepage: https://www.sourcecodester.com/php/14378/tailor-management-system-php-mysql.html Software Link:...

AI score 7.4
Exploits: 0

0day.today
added 2020/08/18 12:0 a.m. | 302 views

Geutebruck testaction.cgi Remote Command Execution Exploit

This Metasploit module exploits an authenticated arbitrary command execution vulnerability within the 'server' GET parameter of the /uapi-cgi/testaction.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions 'Geutebruck...

CVSS 9 | AI score 7.5 | EPSS 0.60435
Exploits: 4

0day.today
added 2020/08/18 12:0 a.m. | 384 views

Microsoft SharePoint Server 2019 - Remote Code Execution Exploit

Exploit for asp platform in category web applications Exploit Title: Microsoft SharePoint Server 2019 - Remote Code Execution Google Dork: inurl:quicklinks.aspx Date: 2020-08-14 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: SharePoint Enterprise Server 2013...

CVSS 6.8 | AI score 8 | EPSS 0.94243
Exploits: 10

0day.today
added 2020/08/15 12:0 a.m. | 314 views

Safari Webkit For iOS 7.1.2 JIT Optimization Bug Exploit

This Metasploit module exploits a JIT optimization bug in Safari Webkit. This allows us to write shellcode to an RWX memory section in JavaScriptCore and execute it. The shellcode contains a kernel exploit CVE-2016-4669 that obtains kernel rw, obtains root and disables code signing. Finally we...

CVSS 8.8 | AI score 0.1 | EPSS 0.38602
Exploits: 5

0day.today
added 2020/08/15 12:0 a.m. | 241 views

QiHang Media Web Digital Signage 3.0.9 Credential Disclosure Vulnerability

QiHang Media Web Digital Signage version 3.0.9 suffers from a clear-text credential disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for...

AI score 7.1
Exploits: 0

0day.today
added 2020/08/15 12:0 a.m. | 327 views

Mikrotik RouterOS NULL Pointer Dereference / Reachable Assertion Failure Vulnerabilities

Mikrotik RouterOS NULL Pointer Dereference / Reachable Assertion Failure Details ======= Product: MikroTik's RouterOS Vendor URL: https://mikrotik.com/ Vendor Status: fixed version released CVE: - Credit: Qian Chen@cq674350529 of Qihoo 360 Nirvan Team Product Description ================== Router...

AI score 7.4
Exploits: 0

0day.today
added 2020/08/15 12:0 a.m. | 221 views

QiHang Media Web Digital Signage 3.0.9 Arbitrary File Disclosure Vulnerability

Exploit for hardware platform in category web applications QiHang Media Web QH.aspx Digital Signage 3.0.9 Arbitrary File Disclosure Vulnerability Vendor: Shenzhen Xingmeng Qihang Media Co., Ltd. Guangzhou Hefeng Automation Technology Co., Ltd. Product web page: http://www.howfor.com Affected...

AI score 7.1
Exploits: 0

0day.today
added 2020/08/15 12:0 a.m. | 176 views

Avian JVM 1.2.0 Integer Overflow Exploit

Vulnerability title: Avian JVM vm::arrayCopy Multiple Integer Overflows Author: Pietro Oliva CVE: CVE-2020-17360 Vendor: ReadyTalk Product: Avian JVM Affected version: 1.2.0 Description: The issue is located in the vm::arrayCopy method defined in classpath-common.h, where multiple boundary checks...

CVSS 7.8 | AI score 8.3 | EPSS 0.01159
Exploits: 8

0day.today
added 2020/08/15 12:0 a.m. | 190 views

QiHang Media Web Digital Signage 3.0.9 Password Disclosure Vulnerability

QiHang Media Web Digital Signage version 3.0.9 suffers from a cleartext transmission/storage of sensitive information in a cookie. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack. QiHang Media Web QH.aspx Digital Signage 3.0.9...

AI score 6.7
Exploits: 0

Total number of security vulnerabilities: 39001