Lucene search

8765 matches found

NVD
added 2015/11/06 9:59 p.m. · 24 views

CVE-2014-9749

Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."...

CVSS 4 · AI score 7.5 · EPSS 0.11441
Exploits 0 · References 5
Cvelist
added 2015/11/06 9:00 p.m. · 31 views

CVE-2014-9749

Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."...

AI score 7.3 · EPSS 0.11441
Exploits 0 · References 5
Debian CVE
added 2015/11/06 9:00 p.m. · 28 views

CVE-2014-9749

Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."...

CVSS 4 · AI score 5.1 · EPSS 0.11441
Exploits 0
Hacker One
added 2015/10/27 11:15 p.m. · 22 views

withinsecurity: Uses unsafe-inline without nonce

Hi, I found your website using Uses unsafe-inline without nonce. Allowing unsafe-eval can increase risk of various types of attacks. Consider adding a nonce which makes injecting malicious code more difficult as an attacker would need to guess the nonce. Thanks,...

AI score 2.2
Exploits 0
n0where
added 2015/09/15 3:06 a.m. · 58 views

Offline WPS Bruteforce Utility: PixieWPS

Pixiewps is a tool written in C used to bruteforce offline the WPS pin, exploiting the low or non-existing entropy of some APs (pixie dust attack). Additional Video: http://video.adm.ntnu.no/pres/549931214e18d Pixiewps requires libssl. To install it: sudo apt-get install libssl-dev Installation:...

AI score 0.2
Exploits 0 · References 2
OpenVAS
added 2015/09/08 12:00 a.m. · 16 views

Amazon Linux: Security Advisory (ALAS-2014-425)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.8 · AI score 6.5 · EPSS 0.0243
Exploits 0 · References 2
RedHat Linux
added 2015/08/12 5:04 a.m. · 3 views

python-oauth2: Uses poor PRNG in nonce

It was found that python-oauth2 did not properly generate random values for use in nonces. An attacker able to capture network traffic of a website using OAuth2 authentication could use this flaw to conduct replay attacks against that website...

CVSS 5.8 · AI score 5.7 · EPSS 0.0243
Exploits 0 · References 4
RedHat Linux
added 2015/08/12 5:04 a.m. · 3 views

python-oauth2: _check_signature() ignores the nonce value when validating signed urls

It was found that python-oauth2 did not properly verify the nonce of a signed URL. An attacker able to capture network traffic of a website using OAuth2 authentication could use this flaw to conduct replay attacks against that website...

CVSS 4.3 · AI score 5.8 · EPSS 0.02409
Exploits 0 · References 4
RedHat Linux
added 2015/08/12 4:49 a.m. · 6 views

python-oauth2: Uses poor PRNG in nonce

It was found that python-oauth2 did not properly generate random values for use in nonces. An attacker able to capture network traffic of a website using OAuth2 authentication could use this flaw to conduct replay attacks against that website...

CVSS 5.8 · AI score 5.7 · EPSS 0.0243
Exploits 0 · References 4
RedHat Linux
added 2015/08/12 4:49 a.m. · 4 views

python-oauth2: _check_signature() ignores the nonce value when validating signed urls

It was found that python-oauth2 did not properly verify the nonce of a signed URL. An attacker able to capture network traffic of a website using OAuth2 authentication could use this flaw to conduct replay attacks against that website...

CVSS 4.3 · AI score 5.8 · EPSS 0.02409
Exploits 0 · References 4
0day.today
added 2015/08/10 12:00 a.m. · 28 views

WordPress 3.8.1 / 3.8.2 / 4.2.2 Cross Site Request Forgery Vulnerability

A cross site request forgery vulnerability in the comment form of WordPress versions 3.8.1, 3.8.2, and 4.2.2 allows for administrative impersonation.
Details
================
Software: WordPress
Version: 3.8.1, 3.8.2, 4.2.2
Homepage: http://wordpress.org/
Advisory report:...

AI score 7
Exploits 0
Packet Storm
added 2015/08/06 12:00 a.m. · 22 views

WordPress 3.8.1 / 3.8.2 / 4.2.2 Cross Site Request Forgery

Details
================
Software: WordPress
Version: 3.8.1, 3.8.2, 4.2.2
Homepage: http://wordpress.org/
Advisory report: https://security.dxw.com/advisories/comment-form-csrf-allows-admin-impersonation-via-comments-in-wordpress-4-2-2/
CVE: Awaiting assignment
CVSS: 4.3 Medium;...

AI score 0.1
Exploits 0
ThreatPost
added 2015/06/15 10:00 a.m. · 22 views

Popular WordPress SEO Plugin Fixes XSS Bug

The Yoast WordPress SEO plugin, which has been downloaded more than 14 million times, has a serious cross-site scripting vulnerability that can allow an attacker to force a vulnerable site to execute arbitrary HTML code. The bug may have been reported to the plugin’s developer as long as two year...

AI score 0.8
Exploits 0 · References 5
Kitploit
added 2015/06/01 11:32 p.m. · 54 views

Pixiewps - Bruteforce Offline the WPS Pin (Pixie Dust Attack)

Pixiewps is a tool written in C used to bruteforce offline the WPS pin, exploiting the low or non-existing entropy of some APs (pixie dust attack). It is meant for educational purposes only. All credits for the research go to Dominique Bongard. DEPENDENCIES Pixiewps requires libssl. To install it:...

AI score 7.4
Exploits 0 · References 2
ThreatPost
added 2015/04/07 2:37 p.m. · 11 views

WordPress WP Super Cache Plugin Security Vulnerability Patch

A persistent cross-site scripting (XSS) vulnerability exists in some versions of a popular WordPress caching engine plugin. The issue – since fixed – exposes vulnerable sites to takeover. From there, attackers could inject malicious scripts, backdoors and so forth. The plugin, WP Super Cache, has...

AI score 0.5
Exploits 0 · References 4
NVD
added 2015/03/30 2:59 p.m. · 27 views

CVE-2015-2792

The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET...

CVSS 7.5 · AI score 6.9 · EPSS 0.038
Exploits 1 · References 4
Prion
added 2015/03/30 2:59 p.m. · 29 views

Design/Logic Flaw

The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET...

CVSS 7.5 · AI score 7.4 · EPSS 0.038
Exploits 1 · References 4 · Affected Software 1
CVE
added 2015/03/30 2:00 p.m. · 55 views

CVE-2015-2792

The CVE-2015-2792 entry concerns the WordPress WPML plugin prior to 3.1.9. It describes a vulnerability where the plugin does not properly handle multiple actions in a single request, allowing an attacker to bypass nonce checks and perform arbitrary actions by including an action parameter in bot...

CVSS 7.5 · AI score 7.1 · EPSS 0.038
Exploits 1 · References 4 · Affected Software 1
CNVD
added 2015/03/26 12:00 a.m. · 3 views

Dropbox SDK for Android Security Bypass Vulnerability

Dropbox is an innovative online file storage, synchronization, and sharing service that offers free client software, is open source and cross-platform, and runs on Windows, Mac OS X, and Linux operating systems. A security bypass vulnerability exists in Dropbox SDK for Android. An attacker can...

CVSS 5.3 · AI score 6.9 · EPSS 0.05829
Exploits 0 · References 1
Packet Storm
added 2015/03/14 12:00 a.m. · 28 views

WordPress WPML Missing Authentication

One more vulnerability reported on March 02 and fixed in version 3.1.9:
4. Unauthenticated administrative functions
An unauthenticated attacker may under certain conditions bypass WPML's nonce check and perform administrative functions. The administrative ajax functions are protected with nonces ...

AI score 0.8
Exploits 0