9 matches found
CVE-2018-25332
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...
EUVD-2018-21853
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...
CVE-2018-25332
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...
CVE-2018-25332 GitBucket 4.23.1 Unauthenticated Remote Code Execution
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...
CVE-2020-37168
Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint,...
Paiement Ecommerce Systempay 安全漏洞
Paiement Ecommerce Systempay is an online payment platform for e-commerce services provided by the French company Paiement. Version 1.0 of Paiement Ecommerce Systempay contains a security vulnerability. This vulnerability stems from weak encryption implementations, which may allow attackers to...
CVE-2025-13399
A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...
CVE-2025-13399 Insecure Encryption in Communication with the Web Interface on TP-Link VX800v
A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...
The vulnerability of the microprogramming software of the Cisco Unified Communications Manager allows a remote attacker to bypass the device protection mechanisms.
The configauth function generates an authentication key when no authentication key is provided; this key can be discovered through brute-force methods...