86 matches found

OSV
added 2017/08/24 4:29 p.m. · 6 views

PYSEC-2017-24

In PyJWT 1.5.0 and below the invalid_strings check in HMACAlgorithm.prepare_key does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...

CVSS 7.5 · AI score 5.9 · EPSS 0.01804
Exploits 0 · References 3
Positive Technologies
added 2016/03/17 12:0 a.m. · 12 views

PT-2021-3311

Name of the Vulnerable Software and Affected Versions 802.11 standard affected versions not specified Description The issue concerns the 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP. It does not require that all fragments of a frame ar...

CVSS 10 · AI score 7.1 · EPSS 0.98745
Exploits 322 · References 770
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m. · 3 views

Shuriken Pro3 S/MIME signature verification does not verify the From address

Overview Shuriken Pro3 contains a vulnerability in the S/MIME signature verification where the From address is not verified properly. Impact A user can not notice a forged message when it is signed with a proper digital signature and the From address is forged, because the software does not alert...

CVSS 5 · AI score 6.8
Exploits 0 · References 2
OSV
added 2007/03/06 8:19 p.m. · 5 views

CVE-2007-1263

GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection...

AI score 6.3
Exploits 0 · References 34
Positive Technologies
added 2005/09/16 12:0 a.m. · 4 views

PT-2005-3792 · Openssl +1 · Openssl +2

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 0.9.8 Description: The issue is related to the default configuration of OpenSSL, which uses MD5 for creating message digests. This makes it easier for remote attackers to forge certificates with a valid certificate...

CVSS 7.5 · AI score 5.8 · EPSS 0.04866
Exploits 0 · References 10
exploitpack
added 2004/05/05 12:0 a.m. · 16 views

PHPX 3.x - images.php Cross-Site Request Forgery Arbitrary Command Execution

PHPX 3.x - images.php Cross-Site Request Forgery Arbitrary Command Execution source: https://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properl...

AI score 0.9
Exploits 0