Twitter Algorithmic Bias: Economic Harm through Twitter's Cropping Algorithm
Bounty Hunter Name: CyberQueenMeg About You: Megan, also known as CyberQueenMeg, is a passionate rising cybersecurity professional who is interested in programming, cybersecurity, and web development. Megan is a high school senior in a rigorous computer science program at her high school where sh...
JetBrains YouTrack Encryption Issue Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. JetBrains YouTrack is vulnerable to an encryption issue prior to version 2021.2.16363, which stems from the software's use of the SHA-256 algorithm for password hashing. An attacker...
Uchihash - A Small Utility To Deal With Malware Embedded Hashes
Uchihash is a small utility that can save malware analysts the time of dealing with embedded hash values used for various things such as: Dynamically importing APIs especially in shellcode Checking running process used by analysts Anti-Analysis Checking VM or Antivirus artifacts Anti-Analysis...
Use of a Broken or Risky Cryptographic Algorithm in hdinnovations/unit3d-community-edition
✍️ Description The referenced code block uses PHP's native md5 and uniqid functions to generate the attributes named passkey and rsskey - both of which are to be considered cryptographically insecure due to their usage of uniqid, which is not to be considered cryptographically secure. 🕵️‍♂️ Proof of...
Security Bulletin: A vulnerability is identified in IBM Cloud Pak for Applications v4.3 which uses an inadequate encryption algorithm.
Summary A vulnerability is identified in IBM Cloud Pak for Applications v4.3 which uses an inadequate encryption algorithm. Vulnerability Details CVEID: CVE-2021-20369 DESCRIPTION: IBM Cloud Pak for Applications uses weaker than expected cryptographic algorithms that could allow an attacker to...
Updated filezilla packages fix security vulnerability
filezilla embeds a PuTTY client that was vulnerable: PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by...
Use of a Broken or Risky Cryptographic Algorithm in serghey-rodin/vesta
✍️ Description uniqid does not generate cryptographically secure strings; even if it did, supplying it with mtrand would render it insecure, as an attacker would be able to gain access to a victim's account simply by knowing when they logged in. This could be used as a mass-account-takeover vector...
Argus Surveillance DVR 4.0 Weak Password Encryption
Exploit Title: Argus Surveillance DVR 4.0 - Weak Password Encryption Exploit Author: Salman Asad @deathflash1411 Date: 12.07.2021 Version: Argus Surveillance DVR 4.0 Tested on: Windows 7 x86 Build 7601 & Windows 10 Reference:...
CVE-2021-20497
IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969...
IBM Cloud Pak for Applications Information Disclosure Vulnerability (CNVD-2022-05113)
IBM Cloud Pak for Applications is an application from IBM USA, Inc. IBM Cloud Pak for Applications v4.3 contains a security vulnerability that stems from the fact that IBM Cloud Pak for Applications uses a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decry...
IBM Cloud Pak for Applications Information Disclosure Vulnerability
IBM Cloud Pak for Applications is an application from IBM USA, Inc. A security vulnerability exists in IBM Cloud Pak for Applications version 4.3, which stems from the application's use of an improper encryption algorithm. An attacker could exploit the vulnerability to be able to decrypt highly...
Code injection
IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361...
CVE-2021-20593
Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and...
Design/Logic Flaw
Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and...
CVE-2021-20593
CVE-2021-20593 describes an incorrect implementation of the authentication algorithm in Mitsubishi Electric air conditioning systems and expansion controllers (e.g., G-50A, GB-50A, AG-150A/AJ, GB-50ADA/J, EB-50GU, AE/W/E series, TE/TW series, CMS-RMD-J, PAC-YG50ECA). The flaw allows a remote auth...
JWTweak - Detects The Algorithm Of Input JWT Token And Provide Options To Generate The New JWT Token Based On The User Selected Algorithm
With the global increase in JSON Web Token (JWT) usage, the attack surface has also increased significantly. Having said that, this utility is designed with the aim of generating a new JWT token in little or no time, which would help security enthusiasts find security flaws in JWT implementatio...
Use of a Broken or Risky Cryptographic Algorithm in boxbilling/boxbilling
✍️ Description The function mtrand is used to generate ticket hashes at the reference shown. This function is cryptographically flawed due to its pseudorandom nature; an attacker can take advantage of the cryptographically insecure nature of this function to disclose critical...
Use of a Broken or Risky Cryptographic Algorithm in emoncms/emoncms
✍️ Description The function mtrand is used to generate verification keys, API keys (both read and write), and even hash salts. This function is cryptographically flawed due to its pseudorandom nature; an attacker can take advantage of the cryptographically insecure nature of this functio...
Use of a Broken or Risky Cryptographic Algorithm in panique/huge
✍️ Description The function mtrand is used to generate password-reset tokens. This function is cryptographically flawed due to its pseudorandom nature; an attacker can take advantage of the cryptographically insecure nature of this function to enumerate password-reset tokens that...
Use of a Broken or Risky Cryptographic Algorithm in mautic/mautic
✍️ Description The function mtrand is used to generate session tokens. This function is cryptographically flawed due to its pseudorandom nature; an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are...