
5317 matches found

The Hacker News
added 2021/10/12 9:2 a.m., 62 views

Digital Signature Spoofing Flaws Uncovered in OpenOffice and LibreOffice

The maintainers of LibreOffice and OpenOffice have shipped security updates to their productivity software to remediate multiple vulnerabilities that could be weaponized by malicious actors to alter documents to make them appear as if they are digitally signed by a trusted source. The list of the...

7.5 CVSS, 2.1 AI score, 0.01454 EPSS
Exploits: 0
Microsoft KB
added 2021/10/12 12:0 a.m., 6 views

October 12, 2021-KB5006065 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server, version 2016

October 12, 2021-KB5006065 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server, version 2016 Release Date: October 12, 2021 Version: .NET Framework 4.8 The October 12, 2021 update for Windows 10, version 1607 and Windows Server, version 2016 includes cumulativ...

6.7 AI score
Exploits: 0
CNNVD
added 2021/10/11 12:0 a.m., 4 views

LibreOffice Trust Management Issue Vulnerability

LibreOffice is an open source office software suite from The Document Foundation (TDF). The product includes the Writer text documents, Calc spreadsheets and Impress presentations applications. LibreOffice suffers from a trust management issue vulnerability that stems from the application not...

7.5 CVSS, 6.8 AI score, 0.00685 EPSS
Exploits: 0, References: 11
CNNVD
added 2021/10/11 12:0 a.m., 4 views

LibreOffice Data Forgery Issue Vulnerability

LibreOffice is an open source office software suite from The Document Foundation. LibreOffice suffers from a Data Forgery Problem vulnerability that stems from the application not properly checking the digital signatures of ODF documents. An attacker could use the vulnerability to change the...

5.5 CVSS, 7.5 AI score, 0.00135 EPSS
Exploits: 0, References: 6
CNVD
added 2021/10/11 12:0 a.m., 25 views

IBM Sterling B2B Integrator Weak Encryption Algorithm Vulnerability (CNVD-2021-82422)

IBM Sterling B2B Integrator is a transaction engine, a set of components that run the processes you define and manage based on your business needs. IBM Sterling B2B Integrator versions 5.2.0.0-6.0.3.4, 6.1.0.0-6.1.0.3 are vulnerable to a weak encryption algorithm. An attacker could exploit the...

5 CVSS, 2.8 AI score, 0.00665 EPSS
Exploits: 0, Affected Software: 2
Securelist
added 2021/10/07 10:0 a.m., 106 views

Ransomware in the CIS

Introduction: These days, when speaking of cyberthreats, most people have in mind ransomware, specifically cryptomalware. In 2020–2021, with the outbreak of the pandemic and the emergence of several major cybercriminal groups (Maze, REvil, Conti, DarkSide, Avaddon), an entire criminal ecosystem took...

7.2 AI score
Exploits: 0
Huntr
added 2021/10/05 2:26 p.m., 13 views

Use of a Broken or Risky Cryptographic Algorithm in anonaddy/anonaddy

Description MD5 and SHA-1 are popular cryptographic hash algorithms often used to verify the integrity of messages and other data. Recent advances in cryptanalysis have discovered weaknesses in both algorithms. Consequently, MD5 and SHA-1 should no longer be relied upon to verify the authenticity...

0.2 AI score
Exploits: 0, References: 2
Prion
added 2021/10/04 6:15 p.m., 13 views

Default credentials

The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables...

5 CVSS, 7.6 AI score, 0.00582 EPSS
Exploits: 0, References: 1
Cvelist
added 2021/10/04 5:32 p.m., 12 views

CVE-2021-23855 Information disclosure

The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables...

8.6 CVSS, 8.8 AI score, 0.00582 EPSS
Exploits: 0, References: 1
Huntr
added 2021/10/01 4:28 p.m., 8 views

Use of a Broken or Risky Cryptographic Algorithm in froxlor/froxlor

Description Froxlor uses microtime to seed uniqid which is then hashed to produce a session token, microtime can be reasonably brute-forced/predicted, thus allowing for a relatively large-scale account-takeover attack or accurate targeted ones. Both microtime and uniqid are cryptographically...

3.5 AI score
Exploits: 0
Kitploit
added 2021/09/30 11:30 a.m., 27 views

SharpML - Machine Learning Network Share Password Hunting Toolkit

SharpML is a proof of concept file share data mining tool using Machine Learning in Python and C. The tool is discussed in more detail on our blog here, but is summarised below also: SharpML is C and Python based tool that performs a number of operations with a view to mining file shares, queryin...

7.3 AI score
Exploits: 0, References: 2
CNNVD
added 2021/09/30 12:0 a.m., 2 views

IBM Cloud Pak for Security Encryption Issue Vulnerability

IBM Cloud Pak for Security (CP4S) is an open security platform from IBM that connects to your existing data sources, generates deeper insights, and enables you to act faster with automation. IBM Cloud Pak for Security (CP4S) suffers from an encryption issue vulnerability in versions 1.7.0.0, 1.7.1.0,...

7.5 CVSS, 6.7 AI score, 0.00665 EPSS
Exploits: 0, References: 3
Code423n4
added 2021/09/29 12:0 a.m., 6 views

_pow is mathematically wrong

Handle 0xsanson Vulnerability details Impact In IndexPool.sol, the function pow is called during the computation of the output amount when swapping. function powuint256 a, uint256 n internal pure returns uint256 output output = n % 2 != 0 ? a : BASE; for n /= 2; n != 0; n /= 2 a = a a; if n % 2 !...

6.9 AI score
Exploits: 0
NVD
added 2021/09/28 9:15 p.m., 12 views

CVE-2021-41106

JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as...

4.4 CVSS, 0.00199 EPSS
Exploits: 0, References: 3
NVD
added 2021/09/27 8:15 p.m., 9 views

CVE-2021-41096

Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earlier for nightly builds suffer from use of a weak cryptographic algorithm RSA/ECB/PKCS1Padding. The issue will be patched in v2.3 for release builds and 426 onwards for...

7.5 CVSS, 0.00647 EPSS
Exploits: 0, References: 2
OSV
added 2021/09/27 8:15 p.m., 12 views

CVE-2021-41096

Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earlier for nightly builds suffer from use of a weak cryptographic algorithm RSA/ECB/PKCS1Padding. The issue will be patched in v2.3 for release builds and 426 onwards for...

7.5 CVSS, 6.9 AI score
Exploits: 0, References: 2
Prion
added 2021/09/27 8:15 p.m., 19 views

Security feature bypass

Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earlier for nightly builds suffer from use of a weak cryptographic algorithm RSA/ECB/PKCS1Padding. The issue will be patched in v2.3 for release builds and 426 onwards for...

5 CVSS, 7.5 AI score, 0.00647 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2021/09/27 7:25 p.m., 15 views

CVE-2021-41096 Use of a Broken or Risky Cryptographic Algorithm in com.mayank.rucky

Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earlier for nightly builds suffer from use of a weak cryptographic algorithm RSA/ECB/PKCS1Padding. The issue will be patched in v2.3 for release builds and 426 onwards for...

7.5 CVSS, 7.7 AI score, 0.00647 EPSS
Exploits: 0, References: 2
CVE
added 2021/09/27 7:25 p.m., 47 views

CVE-2021-41096

The CVE-2021-41096 entry concerns the Rucky Android USB HID Rubber Ducky Launch Pad. Affected releases (versions 2.2 and earlier for release builds; 425 and earlier for nightly builds) use a weak cryptographic algorithm (RSA/ECB/PKCS1Padding) for encryption. The issue is addressed in v2.3 for rel...

7.5 CVSS, 7.5 AI score, 0.00647 EPSS
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2021/09/21 12:0 a.m., 3 views

Dell EMC IsilonSD Management Server Encryption Issue Vulnerability

Dell EMC IsilonSD Management Server is a management server for EMC IsilonSD storage from Dell USA. Dell EMC IsilonSD Management Server is vulnerable to a cryptographic issue that arises from the use of a corrupted or risky encryption algorithm in the SSH component. A remote attacker could...

9.8 CVSS, 8.4 AI score, 0.00807 EPSS
Exploits: 0, References: 3