Rasmus Moorats

#8638of 53,633
31.8Total CVSS
Vulnerabilities · 4
Medium
1
High
3
PT-2026-43118
6.5
2026-05-25
Apache · Apache Shiro · CVE-2026-43827
**Name of the Vulnerable Software and Affected Versions** Apache Shiro versions 1.0 through 2.1.0 Apache Shiro version 3.0.0-alpha-1 **Description** Default configurations contain a session fixation issue. In the affected versions, when a session already exists, it is not invalidated upon successful login, and a new session ID is not generated. Session fixation is a technique where an attacker provides a valid session ID to a user and then waits for the user to authenticate, allowing the attacker to hijack the authenticated session. **Recommendations** Upgrade to version 2.1.1 for versions 1.0 through 2.1.0. Upgrade to version 3.0.0-alpha-2 or later for version 3.0.0-alpha-1.
PT-2026-34264
7.3
2026-04-22
Apache · Apache Httpclient · CVE-2026-40542
**Name of the Vulnerable Software and Affected Versions** Apache HttpClient version 5.6 **Description** A missing critical step in authentication allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. **Recommendations** Upgrade to version 5.6.1.
PT-2019-10078
9.0
2019-04-11
Inteno · Inteno Iopsys · CVE-2018-20487
Name of the Vulnerable Software and Affected Versions: Inteno IOPSYS versions 1.0 through 3.16 Description: An issue was discovered in the firewall3 component. The attacker must make a JSON-RPC method call to add a firewall rule as an "include" and point the `path` argument to a malicious script or binary. This gets executed as root when the firewall changes are committed. Recommendations: For Inteno IOPSYS versions 1.0 through 3.16, consider restricting access to the JSON-RPC method to add firewall rules until a patch is available. As a temporary workaround, avoid using the `path` argument to point to external scripts or binaries.
PT-2017-11959
9.0
2017-07-17
Inteno · Inteno Routers · CVE-2017-11361
**Name of the Vulnerable Software and Affected Versions** Inteno routers (affected versions not specified) **Description** The issue concerns a JUCI ACL misconfiguration in Inteno routers, allowing the `user` account to read files, write to files, and add root SSH keys via JSON commands to `ubus`. This exploitation can be facilitated by the fact that the `user` password might be easily guessable, such as being set to `user` or matching the Wi-Fi key. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.