4 matches found
GHSA-GQV6-PWCG-87R8 CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages
Impact The attacker, with one captured signed SOAP envelope from a victim and no other privileges, can invoke arbitrary operations on the service as the victim principal for the lifetime of the captured signing key. There is no rate limit on replays. The DetectReplays setting on transport-securit...
CVE-2026-27017
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...
CVE-2026-27017
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...
MoinMoin Wiki Engine XSS Vulnerability
MoinMoin Wiki Engine Cross-Site Scripting Discovered by: SecureState R&D Team sasquatch Website: www.securestate.com Discovered: 01-08-09 Vendor Notified: 01-08-09 Vendor Fix Issued: 01-11-09 http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1 Vendor Fix: Upgrade to version 1.8.1 Public Posting: 01-19-...