Lucene search
+L

83 matches found

nvd
nvd
added 2020/07/01 8:15 p.m.20 views

CVE-2019-15310

An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When...

10CVSS0.08257EPSS
Exploits1References3
cvelist
cvelist
added 2020/07/01 7:18 p.m.25 views

CVE-2019-15310

An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When...

10AI score0.08257EPSS
Exploits1References3
prion
prion
added 2020/04/20 9:15 p.m.15 views

Code injection

Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call...

5CVSS7.5AI score0.51798EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2020/04/20 8:18 p.m.27 views

CVE-2020-11946

Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call...

7.5AI score0.51798EPSS
Exploits0References2
nvd
nvd
added 2019/11/20 9:15 p.m.19 views

CVE-2015-3167

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack...

7.5CVSS8.3AI score0.04126EPSS
Exploits0References9
cvelist
cvelist
added 2019/11/20 8:50 p.m.29 views

CVE-2015-3167

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack...

8.3AI score0.04126EPSS
Exploits0References9
akamaiblog
akamaiblog
added 2019/10/11 8:0 p.m.256 views

Verify JWT With JSON Web Key Set (JWKS) in API Gateway

JSON Web Tokens JWT use digital signatures to establish the authenticity of the data they contain, as well as authenticating the identity of the signer. A valid signature check ensures that any party can rely on the contents and the signatory of the JWT. This is typically accomplished by using an...

7.1AI score
Exploits0
cnvd
cnvd
added 2017/12/15 12:0 a.m.10 views

wolfSSL Information Disclosure Vulnerability (CNVD-2018-00600)

wolfSSL formerly known as CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. An information disclosure vulnerability exists in wolfSSL versions prior to 3.12.2. An attacker could exploit this vulnerability to...

7.5CVSS6.2AI score0.24922EPSS
Exploits0References1
hackerone
hackerone
added 2017/05/25 1:57 p.m.22 views

ThisData: Insecure Cache-Control Leading to API key Retrieval

Description: https://thisdata.com/customers/user/install/apis/number/reauthorize Does not have good browser cache management, allowing another user with access to the device to retrieve the API key. All of the thisdata.com pages do not have the cache management correctly configured, allowing the...

0.3AI score
Exploits0
kitploit
kitploit
added 2016/07/08 10:13 p.m.23 views

AntiRansom - Fighting against Ransomware using Honeypots

AntiRansom is a tool capable of detect and stop attacks of Ransomware using honeypots. First, Anti Ransom creates a random decoy folder with many useless random documents Excel, PDF and then it monitors the folder waiting for changes. When a change is detected, AntiRansom tries to identify wich...

7.6AI score
Exploits0
debian
debian
added 2015/06/30 8:47 p.m.67 views

[SECURITY] [DLA 262-1] libcrypto++ security update

Package : libcrypto++ Version : 5.6.0-6+deb6u1 CVE ID : CVE-2015-2141 Evgeny Sidorov discovered that libcrypto++, a general purpose C++ cryptographic library, did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow...

5CVSS7.4AI score0.02879EPSS
Exploits0
nvd
nvd
added 2014/12/02 1:59 a.m.18 views

CVE-2014-3068

IBM Java Runtime Environment JRE 7 R1 before SR1 FP1 7.1.1.1, 7 before SR7 FP1 7.0.7.1, 6 R1 before SR8 FP1 6.1.8.1, 6 before SR16 FP1 6.0.16.1, and before 5.0 SR16 FP7 5.0.16.7 allows attackers to obtain the private key from a Certificate Management System CMS keystore via a brute force attack...

6.4CVSS5.9AI score0.01153EPSS
Exploits0References6
threatpost
threatpost
added 2014/04/17 1:50 p.m.17 views

Certificate Revocations Shoot Up in Wake of OpenSSL Heartbleed Bug

The after effects of the OpenSSL heartbleed vulnerability continue to spread through the technology industry, nearly two weeks after the details of the flaw were disclosed. One of the latest repercussions is a huge increase in the number of SSL certificates being revoked, as site owners and hosti...

6.6AI score
Exploits0References2
prion
prion
added 2013/08/19 11:55 p.m.37 views

Design/Logic Flaw

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload...

1.9CVSS6.4AI score0.00533EPSS
Exploits0References16Affected Software5
zdt
zdt
added 2009/09/28 12:0 a.m.21 views

e107 eCaptcha plugin 2.1 xss

Exploit for unknown platform in category web applications ============================ e107 eCaptcha plugin 2.1 xss ============================ XSS: POST query at page http://site/path/ecaptcha/?key=b7c9bf99e763252105f047a5ca5681d0 alertdocument.cookie in field: Type Here. Working key ecaptchake...

7.1AI score
Exploits0
seebug
seebug
added 2008/06/02 12:0 a.m.44 views

Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit (Python)

No description provided by source. !/bin/python This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at your option any later version...

7.1AI score
Exploits0
nvd
nvd
added 2005/05/02 4:0 a.m.16 views

CVE-2005-0809

NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme fixed byte reordering to protect the key, which allows remote attackers to obtain the key via a brute force attack...

7.5CVSS6.6AI score0.01198EPSS
Exploits0References3
cvelist
cvelist
added 2005/03/20 5:0 a.m.24 views

CVE-2005-0809

NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme fixed byte reordering to protect the key, which allows remote attackers to obtain the key via a brute force attack...

6.6AI score0.01198EPSS
Exploits0References3
cve
cve
added 2005/03/20 5:0 a.m.54 views

CVE-2005-0809

CVE-2005-0809 affects NotifyLink server: when client key retrieval is enabled, an unauthenticated HTTP POST to /hwp/get.asp can disclose AES keys. The server uses a fixed byte reordering scheme to obfuscate the key, substantially weakening cryptographic protection and enabling brute-force recover...

7.5CVSS6.6AI score0.01198EPSS
Exploits0References3Affected Software1
nessus
nessus
added 2004/08/20 12:0 a.m.23 views

PKCS#1 Version 1.5 Session Key Retrieval

Binary data 1971.prm...

4CVSS7.3AI score0.02501EPSS
Exploits0References1
Rows per page
Query Builder