4 matches found
Timing Attack
Overview mojic is an Obfuscate C source code into encrypted, password-seeded emoji streams. Affected versions of this package are vulnerable to Timing Attack in the getDecryptStream process. An attacker can bypass file integrity checks by exploiting timing discrepancies in the HMAC verification,...
GHSA-5V69-92VW-FMJH Apache StreamPark: maven build params could trigger remote command execution
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...
PT-2023-28663 · WordPress · Import Xml/Rss Feeds
Name of the Vulnerable Software and Affected Versions: Import XML and RSS Feeds WordPress plugin versions prior to 2.1.4 Description: The issue allows an attacker to upload a malicious PHP file due to a lack of file extension filtering for uploaded files, leading to Remote Code Execution...
PT-2012-2878 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 2.1.x through 2.1.3 Moodle versions 2.2.x through 2.2.0 Description: The issue in lib/formslib.php does not properly handle multiple instances of a form element. This has unspecified impact and remote attack vectors...