8659 matches found
Open Web Analytics < 1.5.6 Multiple Vulnerabilities
According to its banner, the version of Open Web Analytics installed on the remote host is prior to version 1.5.6. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists with the login page where input to the 'owauserid' parameter is not properly...
Chip and PIN EMV Protocol security vulnerabilities found
Chip-and-PIN payment cards are coming to the United States after a long head start as a standard card-present payment method in Europe and Asia. Already, retailer Target accelerated its plan to move its branded debit and credit cards to chip-and-PIN, also known as EMV Europay, MasterCard and Visa...
CVE-2013-4346
The Server.verifyrequest function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL...
PYSEC-2014-86
The 1 makenonce, 2 generatenonce, and 3 generateverifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack...
PYSEC-2014-86
The 1 makenonce, 2 generatenonce, and 3 generateverifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack...
PYSEC-2014-85
The Server.verifyrequest function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL...
CVE-2013-4347
The 1 makenonce, 2 generatenonce, and 3 generateverifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack...
CVE-2013-4346
CVE-2013-4346 affects python-oauth2 used by SimpleGeo; it stems from Server.verify_request not checking the nonce, enabling replay through a signed URL. Public references (GHSA entry) confirm the nonce verification flaw and potential replay risk. Connected advisories (RHSA entries for Red Hat Sat...
PT-2014-2777 · Simplegeo · Python-Oauth2
Name of the Vulnerable Software and Affected Versions: SimpleGeo python-oauth2 affected versions not specified Description: The issue is related to the Server.verify request function in SimpleGeo python-oauth2, which does not check the nonce. This omission allows remote attackers to perform repla...
VMware Fusion 6.x < 6.0.3 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)
The version of VMware Fusion 6.x installed on the remote Mac OS X host is prior to 6.0.3. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm ECDSA that...
VMware Player 6.x < 6.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed)
The installed version of VMware Player 6.x running on Linux is prior to 6.0.2. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm ECDSA that could allow...
SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 9073)
OpenSSL has been updated to fix an attack on ECDSA Nonces. Using the FLUSH+RELOAD Cache Side-channel Attack the Nonces could have been recovered. This update also ensures that the stack is marked non-executable on x86 32bit bnc870192. On other processor platforms it was already marked as...
Kloxo 6.1.18 Stable - Cross-Site Request Forgery
Kloxo 6.1.18 Stable - Cross-Site Request Forgery Exploit Title :Kloxo 6.1.18 Stable CSRF Vulnerability Vendor Homepage :http://lxcenter.org/software/kloxo Version :6.1.18 Exploit Author :Necmettin COSKUN =@babayarisi Blog :http://www.ncoskun.com http://www.grisapka.org Discovery date :03/12/2014...
Design/Logic Flaw
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack...
WordPress CommentLuv Plugin '_ajax_nonce' Cross-Site Scripting Vulnerability
WordPress CommentLuv Plugin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2013-1409
Cross-site scripting XSS vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ajaxnonce parameter to wp-admin/admin-ajax.php...
Google Analytics MU 2.3 Cross Site Request Forgery
Details ================ Software: Google Analytics MU Version: 2.3 Homepage: http://wordpress.org/plugins/google-analytics-mu/ CVSS: 5.8 Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N Description ================ CSRF in Google Analytics MU 2.3 Vulnerability ================ If an admin visits a page of the...
MGASA-2013-0314 Updated python-oauth2 packages fix CVE-2013-4347
It was found that in python-oauth2, an application for authorization flows for web applications, the nonce value generated isn't sufficiently random. While doing bulk operations the nonce might be repeated, so there is a chance of predictability. This could allow MITM attackers to conduct replay...
Updated python-oauth2 packages fix CVE-2013-4347
It was found that in python-oauth2, an application for authorization flows for web applications, the nonce value generated isn't sufficiently random. While doing bulk operations the nonce might be repeated, so there is a chance of predictability. This could allow MITM attackers to conduct replay...
PT-2014-2778 · Python · Python-Oauth2
Name of the Vulnerable Software and Affected Versions: python-oauth2 affected versions not specified Description: The issue concerns the use of weak random numbers by the make nonce, generate nonce, and generate verifier functions in python-oauth2, making it easier for remote attackers to guess t...