41 matches found
GHSA-P836-389H-J692 Improper Access Control in Apache Shiro
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...
Apache Shiro < 1.2.5 Default Cipher Key (CVE-2016-4437)
The Apache Shiro uses a default cipher key for the 'remember me' feature when not explicitly configured. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code or access content that would otherwise be protected by a security constraint...
Apache Shiro Default Cipher Key (CVE-2016-4437)
Binary data apacheshirocve-2016-4437.nbin...
VulnCheck KEV: CVE-2016-4437
Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature...
Apache Shiro Code Execution Vulnerability
Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature...
Security Bulletin: AMI Baseboard Management Controller (BMC) Firmware Vulnerabilities in NVIDIA DGX-1, DGX-2, and DGX A100 Servers - October 2020
NVIDIA has released a firmware security update for NVIDIA DGX™ servers. This update addresses security issues in the AMI Baseboard Management Controller BMC firmware that may lead to remote code execution, elevation of privileges, or information disclosure. All issues require network access to th...
Amber - POC Reflective PE Packer
Amber is a proof of concept packer, it can pack regularly compiled PE files into reflective PE files that can be used as multi stage infection payloads. If you want to learn the packing methodology used inside the Amber check out below. PS: This is not a complete tool some things may break so tak...
shiro: Security constraint bypass
It was found that Apache Shiro uses a default cipher key for its "remember me" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content...
shiro: Security constraint bypass
It was found that Apache Shiro uses a default cipher key for its "remember me" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content...
DEBIAN-CVE-2016-4437
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...
CVE-2016-4437
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...
CVE-2016-4437
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...
Code injection
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...
UBUNTU-CVE-2016-4437
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...
CVE-2016-4437
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...
CVE-2016-4437
It was found that Apache Shiro uses a default cipher key for its "remember me" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content...
PT-2016-3363
Name of the Vulnerable Software and Affected Versions Apache Shiro versions prior to 1.2.5 Description The issue is related to the "remember me" feature in Apache Shiro, where the lack of a configured cipher key allows remote attackers to execute arbitrary code or bypass intended access...
FileZilla 2.2.15 FTP Client Hard-Coded Cipher Key Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14730/info FileZilla FTP client may allow local attackers to obtain user passwords and access remote servers. The application uses a hard-coded cipher key to decrypt the password, which is stored in an XML file or the...
filezillaWeak.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: FileZilla weakly-encrypted password vulnerability Risk: HIGH Credits: pagvac Adrian Pastor Date found: 6th August, 2005 Homepage: www.ikwt.com www.adrianpv.com E-mail: m123303 - at - richmond.ac.uk Background - ----------- FileZilla is the most...
FileZilla 2.2.15 - FTP Client Hard-Coded Cipher Key
FileZilla 2.2.15 - FTP Client Hard-Coded Cipher Key // source: https://www.securityfocus.com/bid/14730/info FileZilla FTP client may allow local attackers to obtain user passwords and access remote servers. The application uses a hard-coded cipher key to decrypt the password, which is stored in a...