939 matches found
CVE-2021-22780
CVE-2021-22780 describes an Insufficiently Protected Credentials issue across Schneider Electric EcoStruxure product lines (EcoStruxure Control Expert/Unity Pro, EcoStruxure Process Expert, SCADAPack RemoteConnect for x70). The vulnerability allows unauthorized access to a password-protected proj...
Schneider Electric EcoStruxure Control Expert Security Vulnerability
Schneider Electric EcoStruxure Control Expert (formerly known as Unity Pro) is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A security vulnerability exists in various Schneider Electric EcoStruxure Control Expert products that ste...
Shopify: Blog posts atom feed of a store with password protection can be accessed by anyone
Hi Shopify, DESCRIPTION I found an issue with the blog posts atom feed of a Shopify store. Without a password we can't access the blog post atom feed at https://yourstore.myshopify.com/blogs/news.atom . But this can be bypassed to access the atom feed of the blog posts. For example, try this out. I have...
CVE-2021-29956
OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will...
Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2021:2263)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2021:2263-1 advisory. - Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 CVE-2021-29967 - Mozilla: Thunderbird stored OpenPGP secret keys without...
RLSA-2021:2264 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.11.0. Security Fixes: Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 CVE-2021-29967 Mozilla: Thunderbird stored OpenPGP secret keys without master password protecti...
Mozilla: Thunderbird stored OpenPGP secret keys without master password protection
OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will...
Falsifying and weaponizing certified PDFs
The Portable Document Format (PDF) file type is one of the most common file formats in use today. Its value comes from the fact that PDFs always print the same way, and that PDFs are supposed to be read-only, unlike a Word document, say, which is designed to be easy to edit. This immutability can be...
in psi-4ward/psitransfer
✍️ Description Hi, with PsiTransfer we can upload files and protect them with a password. However, there is an IDOR that lets an attacker retrieve arbitrary files and get the AES encrypted data of these files. All that is left is to perform an offline bruteforce to crack the password of this file and ge...
MGASA-2021-0217 Updated thunderbird packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Thunderbird stored OpenPGP secret keys without master password protection CVE-2021-29956. Partial protection of inline OpenPGP message not indicated CVE-2021-29957...
CVE-2020-18220
Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information, as it does not use a random salt or IV for its AES-CBC encryption, causing passwords encrypted for users to be susceptible to dictionary attacks...
WordPress 5.7 < 5.7.1 / 5.6 < 5.6.3 / 5.5 < 5.5.4 / 5.4 < 5.4.5 / 5.3 < 5.3.7 / 5.2 < 5.2.10 / 5.1 < 5.1.9 / 5.0 < 5.0.12 / 4.9 < 4.9.17 / 4.8 < 4.8.16 / 4.7 < 4.7.20
WordPress 5.7 < 5.7.1 / 5.6 < 5.6.3 / 5.5 < 5.5.4 / 5.4 < 5.4.5 / 5.3 < 5.3.7 / 5.2 < 5.2.10 / 5.1 < 5.1.9 / 5.0 < 5.0.12 / 4.9 < 4.9.17 / 4.8 < 4.8.16 / 4.7 < 4.7.20 is affected by multiple vulnerabilities: - A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library...
Design/Logic Flaw
WordPress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...
UBUNTU-CVE-2021-29450
WordPress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...
CVE-2021-29450
CVE-2021-29450 affects WordPress: an authenticated user with at least contributor privileges could exploit a block in the WordPress editor to expose password-protected posts and pages. The issue has been patched in WordPress 5.7.1, with older affected versions addressed via minor releases. Remedi...
Obfuscation_Detection - Collection Of Scripts To Pinpoint Obfuscated Code
Automatically detect control-flow flattening and other state machines Author: Tim Blazytko Description: Scripts and binaries to automatically detect control-flow flattening and other state machines in binaries. Implementation is based on Binary Ninja. Check out the following blog post for more...
AnonX - An Encrypted File Transfer Via AES-256-CBC
An encrypted file transfer via AES-256-CBC. AnonX is an encrypted file uploader and downloader. The uploaded archive lasts for one week and is then removed from the server. AnonX encrypts the directory before uploading it to the server. The download function requires the download id and AES password ...
Owncloud Authorization Issues Vulnerabilities
OwnCloud is a personal cloud storage solution from OwnCloud, an American company. An authorization issue vulnerability exists in OwnCloud, which can be exploited by an attacker to bypass authentication of password-protected images by displaying a preview...
Information Leakage Vulnerability in Crypto Controls Configuration Software
QuickControl Configuration Software is a monitoring software used in industrial power and other fields. An information disclosure vulnerability exists in Quick Control Configuration Software. An attacker can use the vulnerability to delete the password field in the project file, bypass the passwo...