83 matches found
CVE-2019-15310
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When...
CVE-2019-15310
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When...
Code injection
Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call...
CVE-2020-11946
Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call...
CVE-2015-3167
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack...
CVE-2015-3167
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack...
Verify JWT With JSON Web Key Set (JWKS) in API Gateway
JSON Web Tokens JWT use digital signatures to establish the authenticity of the data they contain, as well as authenticating the identity of the signer. A valid signature check ensures that any party can rely on the contents and the signatory of the JWT. This is typically accomplished by using an...
wolfSSL Information Disclosure Vulnerability (CNVD-2018-00600)
wolfSSL formerly known as CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. An information disclosure vulnerability exists in wolfSSL versions prior to 3.12.2. An attacker could exploit this vulnerability to...
ThisData: Insecure Cache-Control Leading to API key Retrieval
Description: https://thisdata.com/customers/user/install/apis/number/reauthorize Does not have good browser cache management, allowing another user with access to the device to retrieve the API key. All of the thisdata.com pages do not have the cache management correctly configured, allowing the...
AntiRansom - Fighting against Ransomware using Honeypots
AntiRansom is a tool capable of detect and stop attacks of Ransomware using honeypots. First, Anti Ransom creates a random decoy folder with many useless random documents Excel, PDF and then it monitors the folder waiting for changes. When a change is detected, AntiRansom tries to identify wich...
[SECURITY] [DLA 262-1] libcrypto++ security update
Package : libcrypto++ Version : 5.6.0-6+deb6u1 CVE ID : CVE-2015-2141 Evgeny Sidorov discovered that libcrypto++, a general purpose C++ cryptographic library, did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow...
CVE-2014-3068
IBM Java Runtime Environment JRE 7 R1 before SR1 FP1 7.1.1.1, 7 before SR7 FP1 7.0.7.1, 6 R1 before SR8 FP1 6.1.8.1, 6 before SR16 FP1 6.0.16.1, and before 5.0 SR16 FP7 5.0.16.7 allows attackers to obtain the private key from a Certificate Management System CMS keystore via a brute force attack...
Certificate Revocations Shoot Up in Wake of OpenSSL Heartbleed Bug
The after effects of the OpenSSL heartbleed vulnerability continue to spread through the technology industry, nearly two weeks after the details of the flaw were disclosed. One of the latest repercussions is a huge increase in the number of SSL certificates being revoked, as site owners and hosti...
Design/Logic Flaw
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload...
e107 eCaptcha plugin 2.1 xss
Exploit for unknown platform in category web applications ============================ e107 eCaptcha plugin 2.1 xss ============================ XSS: POST query at page http://site/path/ecaptcha/?key=b7c9bf99e763252105f047a5ca5681d0 alertdocument.cookie in field: Type Here. Working key ecaptchake...
Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit (Python)
No description provided by source. !/bin/python This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at your option any later version...
CVE-2005-0809
NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme fixed byte reordering to protect the key, which allows remote attackers to obtain the key via a brute force attack...
CVE-2005-0809
NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme fixed byte reordering to protect the key, which allows remote attackers to obtain the key via a brute force attack...
CVE-2005-0809
CVE-2005-0809 affects NotifyLink server: when client key retrieval is enabled, an unauthenticated HTTP POST to /hwp/get.asp can disclose AES keys. The server uses a fixed byte reordering scheme to obfuscate the key, substantially weakening cryptographic protection and enabling brute-force recover...
PKCS#1 Version 1.5 Session Key Retrieval
Binary data 1971.prm...