8769 matches found
Contextual Related Posts < 2.9.4 - CSRF Nonce Validation Bypass
The plugin does not properly check the CSRF nonce in the export and import features, which could allow attackers to make logged-in administrators perform those actions via a CSRF attack. To bypass the nonce validation, just don't send the crp_export_settings_nonce or...
Contextual Related Posts < 2.9.4 - CSRF Nonce Validation Bypass
The plugin does not properly check the CSRF nonce in the export and import features, which could allow attackers to make logged-in administrators perform those actions via a CSRF attack. PoC: to bypass the nonce validation, just don't send the crp_export_settings_nonce or...
PT-2020-6242 · Apache +9 · Apache Http Server +9
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.0 through 2.4.46. Description: The issue is caused by a stack overflow in the mod_auth_digest module of the Apache HTTP Server. This can be triggered by a specially crafted Digest nonce. Although there are no...
Medium: nspr, nss-softokn, nss-util, nss
Issue Overview: When importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR 60.8, Firefox 68, and...
DEBIAN-CVE-2020-28242
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send...
UBUNTU-CVE-2020-28242
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send...
PT-2020-16952 · Sangoma +1 · Asterisk +1
Name of the Vulnerable Software and Affected Versions: Asterisk Open Source versions 13.x through 13.37.0 Asterisk Open Source versions 16.x through 16.14.0 Asterisk Open Source versions 17.x through 17.8.0 Asterisk Open Source versions 18.x through 18.0.0 Certified Asterisk versions prior to...
asterisk -- Outbound INVITE loop on challenge with different nonce
The Asterisk project reports: If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate even if the call is hung up,...
squid: Information Disclosure issue in HTTP Digest Authentication
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information...
Greenmart < 2.5.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Due to an incomplete fix of CVE-2020-16140 (see https://wpscan.com/vulnerability/10444), the reflected XSS attack is still possible for unauthenticated users, by extracting the search_nonce from the source of the homepage and adding it to the original payload. This is possible because WP nonces are...
ALPINE-CVE-2020-6829
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This...
DEBIAN-CVE-2020-6829
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This...
Design/Logic Flaw
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This...
Greenmart < 2.4.3 - Reflected Cross-Site Scripting (XSS)
The greenmart_autocomplete_search AJAX action, available to both authenticated and unauthenticated users, does not properly sanitise the callback parameter passed to it, resulting in a reflected Cross-Site Scripting issue. Edit (WPScan Team): The vendor 'fixed' the issue for authenticated users by addi...
CVE-2020-6829
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This...
CVE-2020-6829
CVE-2020-6829 is a vulnerability in NSS (Network Security Services) libraries (nss, nss-util, nss-softokn, nspr) where the wNAF scalar point multiplication during ECDSA signature generation leaks partial nonce information. This side-channel can enable an attacker with electromagnetic traces from ...
GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse Exploit
Exploit Title: GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse Exploit Author: LiquidWorm Software Link: https://www.embedthis.com Version: 5.1.1 #!/usr/bin/env python3 -*- coding: utf-8 -*- EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reu...
GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse
Exploit Title: GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse Date: 2019-08-29 Exploit Author: LiquidWorm Software Link: https://www.embedthis.com Version: 5.1.1 #!/usr/bin/env python3 -*- coding: utf-8 -*- EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture...
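The two GoAhead entries above describe the same weakness: a Digest Authentication server that accepts a captured Authorization header again, because it does not track which nonce/nc pairs it has already honoured. The following is an added example, not GoAhead's code and not LiquidWorm's exploit: it implements the RFC 2617 qop=auth response computation and a hypothetical in-memory server in two modes, one that only checks the response hash (so a sniffed header replays cleanly) and one that also records the highest nc seen per nonce (so the same header is rejected the second time). The realm, username and password are constructed for the demo.

```python
"""Digest authentication replay: what a server must track to stop it.

Added example (hypothetical server, not GoAhead's implementation).
  - track_nonces=False: any valid response for an issued nonce is accepted
    every time it is presented, so a captured Authorization header replays.
  - track_nonces=True: each nonce remembers the highest nc accepted, so a
    verbatim replay (same nonce, same nc) is refused.
"""
import hashlib
import re
import secrets


def _md5(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def build_authorization(username, realm, password, method, uri, nonce, nc, cnonce):
    """Client side: the Authorization header a browser would send."""
    resp = digest_response(username, realm, password, method, uri, nonce, nc, cnonce)
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", response="{resp}"')


_PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')


def parse_authorization(header):
    """Parse 'Digest k="v", k=v, ...' into a dict (quoted or bare values)."""
    if not header.startswith("Digest "):
        raise ValueError("not a Digest Authorization header")
    return {k: (q or b) for k, q, b in _PARAM.findall(header[len("Digest "):])}


class DigestServer:
    """Hypothetical server; users maps username -> password (demo only)."""

    def __init__(self, realm, users, track_nonces):
        self.realm = realm
        self.users = users
        self.track_nonces = track_nonces
        self.issued = {}  # nonce -> highest nc value accepted so far

    def challenge(self):
        """Issue a fresh unpredictable nonce for a WWW-Authenticate header."""
        nonce = secrets.token_hex(16)
        self.issued[nonce] = 0
        return nonce

    def verify(self, header, method):
        p = parse_authorization(header)
        password = self.users.get(p.get("username", ""))
        nonce = p.get("nonce", "")
        if password is None or nonce not in self.issued:
            return False  # unknown user, or a nonce this server never issued
        expected = digest_response(p["username"], self.realm, password, method,
                                   p.get("uri", ""), nonce, p.get("nc", ""),
                                   p.get("cnonce", ""), p.get("qop", "auth"))
        if not secrets.compare_digest(expected, p.get("response", "")):
            return False  # wrong password, or method/uri/nonce was tampered with
        if self.track_nonces:
            # nc is a hex counter the client must increment per request on a nonce;
            # a counter that does not advance is a replayed header.
            try:
                nc = int(p.get("nc", ""), 16)
            except ValueError:
                return False
            if nc <= self.issued[nonce]:
                return False
            self.issued[nonce] = nc
        return True


def replay_demo(track_nonces):
    """One legitimate request, then the identical header replayed by an eavesdropper.

    Returns (first_accepted, replay_accepted)."""
    server = DigestServer("embedded-device", {"admin": "s3cret"}, track_nonces)
    nonce = server.challenge()
    header = build_authorization("admin", "embedded-device", "s3cret", "GET",
                                 "/admin", nonce, "00000001", "0a4f113b")
    first = server.verify(header, "GET")
    replay = server.verify(header, "GET")
    return first, replay


if __name__ == "__main__":
    print("no nonce tracking:", replay_demo(False))  # (True, True)
    print("nonce tracking:   ", replay_demo(True))   # (True, False)
```

The hash check alone proves only that whoever built the header knew the password at some point; it says nothing about whether this exact header has been seen before. The nc counter exists for that purpose, and a server that never consults it (or keeps honouring a nonce indefinitely) is what turns a passive capture into a working login. Expiring nonces after a bounded time or request count closes the remaining window.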
Improper Authentication
Overview: react-adal provides Azure Active Directory Library (ADAL) support for ReactJS. Affected versions of this package are vulnerable to Improper Authentication. A specially crafted JWT token and request URL can cause the nonce, session and refresh values to be incorrectly...
PowerPress < 8.3.8 - Authenticated Arbitrary File Upload leading to RCE
The plugin did not verify some of the uploaded feed images, such as the ones from the Podcast Artwork section, allowing high-privilege accounts (admin+) to upload arbitrary files, such as PHP, leading to RCE. https://drive.google.com/file/d/1fyf6blzeG3VX22BQX7hc1QJ20rCY5p43/view?usp=sharing -...