17 matches found
GHSA-X845-2F78-7V36 Blocky DNSSEC validation bypass and validation-cache scope pollution
Summary Blocky accepts and caches forged DNS answers while dnssec.validate: true is enabled. The issue has two related exploit paths: 1. Basic DNSSEC validation bypass. If an untrusted upstream returns an unsigned positive answer for a DNSSEC-signed public domain, Blocky classifies the response a...
CVE-2024-42012
GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate...
CVE-2024-42013
In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of...
CVE-2024-42013
In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of...
CVE-2024-42012
GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate...
CVE-2024-42012
GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate...
GRAU DATA Blocky 安全漏洞
GRAU DATA Blocky is a ransomware protection software from GRAU DATA, Germany. A security vulnerability exists in GRAU DATA Blocky versions prior to 3.1, which stems from a client-side enforcement of server-side security vulnerability in Blocky-Gui that allows an attacker to gain full access to al...
GRAU DATA Blocky 安全漏洞
GRAU DATA Blocky is a ransomware protection software from GRAU DATA, Germany. A security vulnerability exists in GRAU DATA Blocky versions prior to 3.1 that stems from storing passwords in an encrypted manner, allowing an attacker to steal a user's Blocky password and impersonate a local user...
CVE-2024-42013
In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of...
CVE-2024-42013
CVE-2024-42013 affects GRAU DATA Blocky/Blocky-Gui prior to 3.1. The issue is described as a Client-Side Enforcement of Server-Side Security vulnerability that allows an attacker with Windows administrative/debugging privileges to patch a binary in memory or on disk to bypass the password login a...
PT-2025-2617 · Microsoft +1 · Windows +1
Name of the Vulnerable Software and Affected Versions: GRAU DATA Blocky versions prior to 3.1 Description: The issue is related to a Client-Side Enforcement of Server-Side Security vulnerability in Blocky-Gui. An attacker with Windows administrative or debugging privileges can patch a binary in...
CVE-2024-42013
In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of...
CVE-2024-42012
The CVE relates to GRAU DATA Blocky before 3.1, a ransomware-protection product. The issue is that passwords are stored encrypted rather than hashed, and at login the entered password is compared to the decrypted cleartext password. An attacker with Windows admin or debugging rights can exfiltrat...
CVE-2024-42012
GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate...
Blocky Roads - Base64 encoded String, Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Blocky Roads published at the 'play' market has multiple vulnerabilities...
Blocky Cars: Traffic Rush - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Blocky Cars: Traffic Rush published at the 'play' market has multiple vulnerabilities...
Blocky Cop Craft Running Thief - Customized SSL, WebView SSL handling enabled, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Blocky Cop Craft Running Thief published at the 'play' market has multiple vulnerabilities...