1110 matches found
Code-Projects Hospital Management System 安全漏洞
Hospital Management System a hospital management system. Hospital Management System has a hard-coded key vulnerability that arises from the incorrect manipulation of the secret parameter by the session function in the express-session component, for which no detailed vulnerability details are...
PT-2025-41695
Name of the Vulnerable Software and Affected Versions code-projects Hospital Management System version 1.0 Description A flaw exists in the session function of the express-session component in code-projects Hospital Management System version 1.0. This issue involves manipulation of the secret...
CVE-2025-35052
Newforma Info Exchange NIX uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...
EUVD-2025-33575
Newforma Info Exchange NIX uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...
CVE-2025-35052
Newforma Info Exchange NIX uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...
CVE-2025-35056
Newforma Info Exchange NIX '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an encrypted file path and returns an image of the specified file. An authenticated attacker can read arbitrary files subject to the privileges of NIX, typically 'NT AUTHORITY\NetworkService', and the...
CVE-2025-35052
Newforma Info Exchange NIX uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...
CVE-2025-35056 Newforma Info Exchange (NIX) limited file read
Newforma Info Exchange NIX '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an encrypted file path and returns an image of the specified file. An authenticated attacker can read arbitrary files subject to the privileges of NIX, typically 'NT AUTHORITY\NetworkService', and the...
CVE-2025-35056 Newforma Info Exchange (NIX) limited file read
Newforma Info Exchange NIX '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an encrypted file path and returns an image of the specified file. An authenticated attacker can read arbitrary files subject to the privileges of NIX, typically 'NT AUTHORITY\NetworkService', and the...
CVE-2025-35056
Affected product: Newforma Info Exchange (NIX).Vulnerability: The StreamStampImage endpoint (/UserWeb/Common/MarkupServices.ashx) accepts an encrypted file path and returns an image of the specified file. The path is generated with a shared, hard-coded key described in CVE-2025-35052, enabling an...
CVE-2025-35052 Newforma Info Exchange (NIX) shared hard-coded secret key
Newforma Info Exchange NIX uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...
CVE-2025-35052 Newforma Info Exchange (NIX) shared hard-coded secret key
Newforma Info Exchange NIX uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...
CVE-2025-35052
Newforma Info Exchange (NIX) has a vulnerability where a shared, hard-coded key is used to encrypt certain query parameters, allowing an attacker with valid NIX access to specify encrypted file paths (e.g., via StreamStampImage in /UserWeb/Common/MarkupServices.ashx) and read arbitrary files with...
Newforma Project Center Server 安全漏洞
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. Newforma Project Center Server suffers from an information...
Allstar 信任管理问题漏洞
Allstar is an Open Source Security Foundation open source security policy software. A trust management issue vulnerability exists in Allstar versions prior to 4.5, which stems from the Reviewbot component using a hard-coded shared key to validate an inbound webhook request, which could lead to a...
PT-2025-41468
Name of the Vulnerable Software and Affected Versions Newforma Info Exchange NIX versions 2023.3 and 2024.1 Description Newforma Info Exchange NIX utilizes a hard-coded key for encrypting query parameters. Certain encrypted parameter values can define file paths for download, potentially...
PT-2025-41472
Name of the Vulnerable Software and Affected Versions Newforma Info Exchange NIX affected versions not specified Description The software contains a flaw in the '/UserWeb/Common/MarkupServices.ashx' endpoint, specifically within the StreamStampImage function. This function processes encrypted fil...
CVE-2025-11290
A vulnerability was identified in CRMEB up to 5.6.1. This affects an unknown function of the component JWT HMAC Secret Handler. Such manipulation of the argument secret with the input default leads to use of hard-coded cryptographic key . It is possible to launch the attack remotely. Attacks of...
EUVD-2020-30115
Malware in sbrugna...
EUVD-2019-6972
Malware in sbrugna...