Design/Logic Flaw
A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A...
CVE-2017-7902
CVE-2017-7902 affects Rockwell Automation Allen‑Bradley MicroLogix 1100 (1763-L16Axx, 16.00 and earlier) and MicroLogix 1400 (1766-L32Axx, 16.00 and earlier). The issue is nonce reuse in encryption, enabling an attacker to capture and replay a valid request until the nonce changes, potentially co...
WordPress wpDiscuz plugin <= 3.2.8 - Cross-Site Request Forgery (CSRF) Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability was found in the WordPress wpDiscuz plugin, version 3.2.8. There's no nonce check when resetting the plugin's settings. Solution: Update the plugin...
WordPress WooCommerce Upload My File plugin <= 0.3.9 - Cross-Site Request Forgery (CSRF) Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability was found in the WordPress WooCommerce Upload My File plugin, version 0.3.9. It's missing a nonce check when the plugin settings are saved. Solution: Update the plugin...
WordPress Responsive Menu plugin <= 3.1.3 - Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerability
WordPress Responsive Menu plugin Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities. There's a lack of sanitization when saving the options in the updateOptions function, in the /app/Controllers/AdminController.php file. Also, a nonce is missing in the plugin's settings page...
WordPress Huge-IT Video Gallery 2.0.4 Plugin - SQL Injection Vulnerability
Exploit for php platform in category web applications. DefenseCode ThunderScan SAST Advisory: WordPress Huge-IT Video Gallery Plugin Security Vulnerability. Advisory ID: DC-2017-01-009. Advisory Title: WordPress Huge-IT Video Gallery plugin SQL injection vulnerability. Advisory URL:...
WordPress Huge-IT Video Gallery 2.0.4 SQL Injection
DefenseCode ThunderScan SAST Advisory: WordPress Huge-IT Video Gallery Plugin Security Vulnerability. Advisory ID: DC-2017-01-009. Advisory Title: WordPress Huge-IT Video Gallery plugin SQL injection vulnerability. Advisory URL: http://www.defensecode.com/advisories.php. Software: WordPress Huge-IT...
Input validation
DISPUTED: The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt...
CVE-2017-9230
The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. Th...
PT-2017-18795 · Bitcoin · Bitcoind
Name of the Vulnerable Software and Affected Versions: Bitcoin (affected versions not specified). Description: The Bitcoin Proof-of-Work algorithm has an issue related to 80-byte block headers with varying initial 64-byte chunks followed by the same 16-byte chunk, and multiple candidate root values...
WordPress Cross-Site Request Forgery Vulnerability (CNVD-2017-07305)
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the File System Certificates dialog in WordPress version...
CVE-2017-9064
In WordPress before 4.7.5, a Cross-Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials...
UBUNTU-CVE-2017-9064
In WordPress before 4.7.5, a Cross-Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials...
DEBIAN-CVE-2017-9064
In WordPress before 4.7.5, a Cross-Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials...
CVE-2017-9064
CVE-2017-9064 affects WordPress prior to 4.7.5. The vulnerability is a CSRF in the filesystem credentials dialog where updating credentials does not require a nonce, enabling unauthorized credential changes. The issue is validated by the description in the initial document; no exploitation status...
GetSimple CMS Elevation of Privilege Vulnerability
GetSimple is a content management system. An elevation of privilege vulnerability exists in admin/inc/templatefunctions.php in GetSimple CMS, which can be exploited by an attacker to elevate privileges to an arbitrary user or conduct a CSRF attack by calculating a session cookie or CSRF nonce...
CVE-2017-8081
Poor cryptographic salt initialization in admin/inc/templatefunctions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce...