76 matches found
CVE-2019-13177
verification.py in django-rest-registration aka Django REST Registration library before 0.5.0 relies on a static string for signatures i.e., the Django Signing API is misused, which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to...
CVE-2018-19991
VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler for geturiargs or getpostargs to block the API misuse described in CVE-2018-9230...
Design/Logic Flaw
VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler for geturiargs or getpostargs to block the API misuse described in CVE-2018-9230...
CVE-2018-19991
VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler for geturiargs or getpostargs to block the API misuse described in CVE-2018-9230...
CVE-2018-19991
CVE-2018-19991 / CVE-2018-9230 involve OpenResty and VeryNginx. VeryNginx 0.3.3 is described as allowing a remote attacker to bypass the Web Application Firewall due to no error handler for get_uri_args or get_post_args, enabling API misuse described in CVE-2018-9230. The connected records provid...
CVE-2018-19991
VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler for geturiargs or getpostargs to block the API misuse described in CVE-2018-9230...
Bypass Glitch Allows Malware to Masquerade as Legit Apple Files
Masquerading as an official Apple system file sounds like a wonderful way for malware to worm its way onto Macs – and a recently discovered code-signing bypass flaw allows bad code to do just that. The way some developers have implemented Apple’s official code-signing API can be exploited by...
PT-2017-19073 · Libjpeg Turbo +1 · Libjpeg-Turbo +1
Name of the Vulnerable Software and Affected Versions: libjpeg-turbo version 1.5.1 Description: The issue allows remote attackers to cause a denial of service, resulting in invalid memory access and application crash, or possibly have other unspecified impacts via a crafted jpg file. It is noted...
php云人才系统 UC API 未初始化注入漏洞
简要描述: 详细说明: api/alipaydual/notifyurl.php requireonce"alipay.config.php"; requireonce"lib/alipaynotify.class.php"; requireoncedirnamedirnamedirnameFILE."/data/db.config.php"; requireoncedirnamedirnamedirnameFILE."/include/mysql.class.php"; $db = new mysql$dbconfig'dbhost', $dbconfig'dbuser',...
Facebook content restrictions bypass Vulnerability
Facebook content restrictions bypass Vulnerability Blackhat Academy claims to have found a way to bypass content restrictions on links, as posted on their site and posts put on a user's public wall. Even Security Analysts claim that Facebook was notified of these vulnerabilities on July 31st, 201...
DEBIAN-CVE-2011-1428
Wee Enhanced Environment for Chat aka WeeChat 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect...
UBUNTU-CVE-2011-1428
Wee Enhanced Environment for Chat aka WeeChat 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect...
Debian DSA-1701-1 : openssl, openssl097 - interpretation conflict
It was discovered that OpenSSL does not properly verify DSA signatures on X.509 certificates due to an API misuse, potentially leading to the acceptance of incorrect X.509 certificates as genuine CVE-2008-5077 . %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...
Debian Security Advisory DSA 1701-1 (openssl, openssl097)
The remote host is missing an update to openssl, openssl097 announced via advisory DSA 1701-1. OpenVAS Vulnerability Test $Id: deb17011.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1701-1 openssl, openssl097 Authors: Thomas Reinke Copyright: Copyright c...
Debian: Security Advisory (DSA-1701-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DSA-1701-1 openssl openssl097 - cryptographic weakness
Bulletin has no description...