113 matches found

Github Security Blog, added 2022/05/17 2:36 a.m., 28 views

phpMyAdmin Cryptographic Vulnerability

An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's...

CVSS 5.3, AI score 6.7, EPSS 0.02002
Exploits 0, References 5, Affected software 1
OpenVAS, added 2022/01/28 12:00 a.m., 20 views

Mageia: Security Advisory (MGASA-2016-0416)

The remote host is missing an update announced via the Mageia advisory MGASA-2016-0416. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders...

CVSS 9.8, AI score 6.7, EPSS 0.02542
Exploits 0, References 17
NVD, added 2021/08/26 7:15 p.m., 38 views

CVE-2021-29487

octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and take over any user account on an October CMS server. The vulnerability is exploitable by unauthenticated...

CVSS 7.4, EPSS 0.00895
Exploits 0, References 3
Prion, added 2021/08/26 7:15 p.m., 36 views

Authentication flaw

octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and take over any user account on an October CMS server. The vulnerability is exploitable by unauthenticated...

CVSS 5.8, AI score 7.6, EPSS 0.00895
Exploits 0, References 3, Affected software 1
Fortinet, added 2021/07/07 12:00 a.m., 24 views

FortiMail - Improper cryptographic operations in cookie encryption potentially prone to forgery

The combination of various cryptographic issues in the session management of FortiMail, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges...

CVSS 6.5, AI score 8.3, EPSS 0.00692
Exploits 0, Affected software 1
OSV, added 2021/06/29 7:15 p.m., 7 views

CVE-2021-29481

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with...

CVSS 7.5, AI score 5.7
Exploits 0, References 2
IBM Security Bulletins, added 2021/04/08 8:59 p.m., 27 views

Security Bulletin: Missing Secure Attribute in Encrypted Session (SSL) in InfoSphere BigInsights (CVE-2014-0905)

Summary: A secure flag attribute for the LTPA cookie is not set for SSL (https) sessions. Not having this flag prevents browser clients from ensuring that the cookie is always encrypted when transmitting from client to server. Vulnerability Details: CVE ID: CVE-2014-0905. DESCRIPTION: A vulnerability...

CVSS 2.9, AI score 0.9, EPSS 0.00532
Exploits 0, Affected software 1
Tenable Nessus, added 2020/12/07 12:00 a.m., 45 views

phpMyAdmin 4.0.x < 4.0.10.18 / 4.4.x < 4.4.15.9 / 4.6.x < 4.6.5 Multiple Vulnerabilities

According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.18, 4.4.x prior to 4.4.15.9, or 4.6.x prior to 4.6.5. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in phpMyAdmin. When the user does not...

CVSS 9.8, AI score 6.8, EPSS 0.02542
Exploits 0, References 34
Tenable Nessus, added 2020/11/30 12:00 a.m., 39 views

phpMyAdmin 4.0.0 < 4.0.10.17 / 4.4.0 < 4.4.15.8 / 4.6.0 < 4.6.4 Multiple Vulnerabilities

According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.17, 4.4.x prior to 4.4.15.8, or 4.6.x prior to 4.6.4. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in cookie encryption in phpMyAdmin...

CVSS 10, AI score 6.4, EPSS 0.0475
Exploits 0, References 54
OSV, added 2020/07/31 6:15 p.m., 19 views

CVE-2020-15128

In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code (nothing exploitable in the core project itself) had a...

CVSS 6.3, AI score 7.2
Exploits 0, References 3
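The two cookie-integrity problems listed above, the Ratpack entry (signed but unencrypted values) and this OctoberCMS entry (sealed values not tied to the cookie name), reduce to the same question: what exactly does the tag cover? The following is an added example, not code from either project, that shows a value-only HMAC being accepted under a different cookie name, the name-bound construction that rejects it, and why a signed-only value is still readable by whoever holds the cookie. The key, the cookie names `last_search` and `user`, and the scenario are assumptions made for the demonstration.

```python
import base64
import binascii
import hashlib
import hmac
import secrets

# Hypothetical server-side signing key (assumption); a real app loads it from config.
KEY = secrets.token_bytes(32)


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def _split(cookie: str):
    """Return (value, tag) from 'b64(value).b64(tag)', or None if malformed."""
    try:
        v, t = cookie.split(".", 1)
        return _b64d(v), _b64d(t)
    except (ValueError, binascii.Error):
        return None


def sign_unbound(name: str, value: str, key: bytes = KEY) -> str:
    """Weak pattern: the tag covers the value only, so the same token verifies
    under any cookie name (the name parameter is ignored on purpose)."""
    raw = value.encode()
    return _b64e(raw) + "." + _b64e(_mac(key, raw))


def verify_unbound(name: str, cookie: str, key: bytes = KEY):
    parts = _split(cookie)
    if parts is None or not hmac.compare_digest(parts[1], _mac(key, parts[0])):
        return None
    return parts[0].decode()


def _bind(name: str, value: bytes) -> bytes:
    """Length-prefix the name so ('ab','c') and ('a','bc') cannot collide."""
    n = name.encode()
    return len(n).to_bytes(2, "big") + n + value


def sign_bound(name: str, value: str, key: bytes = KEY) -> str:
    """Fixed pattern: the tag covers the cookie name as well as the value."""
    raw = value.encode()
    return _b64e(raw) + "." + _b64e(_mac(key, _bind(name, raw)))


def verify_bound(name: str, cookie: str, key: bytes = KEY):
    parts = _split(cookie)
    if parts is None or not hmac.compare_digest(parts[1], _mac(key, _bind(name, parts[0]))):
        return None
    return parts[0].decode()


def peek(cookie: str) -> str:
    """Signed but unencrypted: anyone holding the cookie reads the value
    without the key, which is the Ratpack default described above."""
    return _b64d(cookie.split(".", 1)[0]).decode()


if __name__ == "__main__":
    # Constructed scenario: one signed cookie carries user-chosen content
    # (last_search), another names the logged-in account (user). The attacker
    # gets the server to sign "admin" as last_search, then presents it as user.
    stolen = sign_unbound("last_search", "admin")
    print("unbound verifier, token moved to 'user':", verify_unbound("user", stolen))
    moved = sign_bound("last_search", "admin")
    print("bound verifier, token moved to 'user':  ", verify_bound("user", moved))
    print("signed-only value readable without key: ", peek(sign_bound("user", "alice")))
```

Binding the name into the MAC input (or, for encrypted cookies, passing it as associated data to an AEAD) costs nothing and closes the whole class of "move this sealed value into a more privileged cookie" attacks; if the value must also stay private, it has to be encrypted, not merely signed.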
Gitee, added 2019/12/25 8:52 a.m., 6 views

Shiro-721

This is a vulnerability analysis of a Shiro RCE (remote code execution) exploit via a padding oracle attack. Here is a summary of the key points. Vulnerability overview: the Shiro framework is a popular open-source security framework that provides identity, authentication, authorization, encryption, an...

AI score 7.1
Exploits 0
Prion, added 2018/07/09 10:29 a.m., 15 views

Code injection

PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rijndael.php, and Blowfish.php...

CVSS 6.4, AI score 9.1, EPSS 0.16666
Exploits 3, References 5, Affected software 1
NVD, added 2018/07/09 10:29 a.m., 14 views

CVE-2018-13784

PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rijndael.php, and Blowfish.php...

CVSS 9.1, AI score 9.2, EPSS 0.16666
Exploits 3, References 5
OSV, added 2018/07/09 10:29 a.m., 23 views

CVE-2018-13784

PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rijndael.php, and Blowfish.php...

CVSS 9.1, AI score 6.9
Exploits 0, References 5
CVE, added 2018/07/09 10:00 a.m., 67 views

CVE-2018-13784

CVE-2018-13784 affects PrestaShop prior to 1.6.1.20 and 1.7.x prior to 1.7.3.4, where cookie encryption in Cookie.php, Rijndael.php and Blowfish.php is mishandled. The connected exploits describe privilege-escalation PoC scenarios for PrestaShop.

CVSS 9.1, AI score 9.2, EPSS 0.16666
Exploits 3, References 5, Affected software 1
CNVD, added 2018/07/04 12:00 a.m., 4 views

Dialogic PowerMedia XMS Hard-Coded Encryption Key Vulnerability

Dialogic PowerMedia XMS is a suite of software multimedia servers for real-time communications from Dialogic, Inc. that provide real-time multimedia communication solutions for IMS, MRF, enterprise and WebRTC applications. A security vulnerability in the /var/www/xms/application/config/config.php...

CVSS 9.8, AI score 9.5, EPSS 0.01999
Exploits 1, References 1
BDU FSTEC, added 2017/08/10 12:00 a.m., 4 views

The vulnerability of the mod_session_crypto module in the Apache HTTP Server allows attackers to perform attacks such as padding oracle attacks.

The vulnerability of the mod_session_crypto module in the Apache HTTP Server is related to encryption algorithm errors. The mod_session_crypto module encrypts its data/cookies using the configured encryption algorithms with CBC or ECB modes (AES256-CBC by default). Therefore, there is no optional or built-...

CVSS 5, AI score 7.2, EPSS 0.49024
Exploits 4, References 7
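The Shiro-721 entry and this mod_session_crypto entry describe the same construction failing the same way: a cookie encrypted in CBC mode with no authentication, decrypted by a server whose padding check can be observed. The following is an added example, not code from Shiro, Apache httpd or any other project on this page. It builds that construction, runs the byte-at-a-time padding oracle recovery against it, and then shows the encrypt-then-MAC variant against which the same attack finds nothing. The 16-byte Feistel cipher stands in for AES so the block needs no third-party library; the attack depends only on CBC and the leaking padding check, not on the cipher. The key names, the oracle function and the sample session string are assumptions.

```python
import hashlib
import hmac
import secrets

BLOCK = 16
# Hypothetical server master key (assumption); a real server loads it from config.
KEY = secrets.token_bytes(32)
ENC_KEY = hmac.new(KEY, b"enc", hashlib.sha256).digest()   # separate keys for
MAC_KEY = hmac.new(KEY, b"mac", hashlib.sha256).digest()   # encryption and MAC

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# Toy 16-byte Feistel block cipher with an HMAC-SHA256 round function; it stands
# in for AES so this runs with the standard library alone.
def _round(key, i, half):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key, block):
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right

def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right

def pad(data):                       # PKCS#7
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key, iv, plaintext):
    out, prev = b"", iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ciphertext):
    out, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        out += _xor(block_decrypt(key, ciphertext[i:i + BLOCK]), prev)
        prev = ciphertext[i:i + BLOCK]
    return out

# Vulnerable server: CBC without a MAC, and a padding failure the client can
# tell apart from success (error page, status code, timing).
def seal_cbc(plaintext):
    iv = secrets.token_bytes(BLOCK)
    return iv + cbc_encrypt(ENC_KEY, iv, pad(plaintext))

def padding_oracle(token):
    try:
        unpad(cbc_decrypt(ENC_KEY, token[:BLOCK], token[BLOCK:]))
        return True
    except ValueError:
        return False

# Attacker: recover the plaintext using nothing but the oracle's yes/no.
def attack(oracle, token):
    blocks = [token[i:i + BLOCK] for i in range(0, len(token), BLOCK)]
    recovered = b""
    for b in range(1, len(blocks)):
        prev, target = blocks[b - 1], blocks[b]
        inter = bytearray(BLOCK)           # block_decrypt(target), found bytewise
        for pos in range(BLOCK - 1, -1, -1):
            padv = BLOCK - pos
            forged = bytearray(BLOCK)
            for j in range(pos + 1, BLOCK):
                forged[j] = inter[j] ^ padv  # known bytes forced to value padv
            for guess in range(256):
                forged[pos] = guess
                if not oracle(bytes(forged) + target):
                    continue
                if pos == BLOCK - 1:         # rule out a lucky \x02\x02-style hit
                    forged[BLOCK - 2] ^= 1
                    still_ok = oracle(bytes(forged) + target)
                    forged[BLOCK - 2] ^= 1
                    if not still_ok:
                        continue
                inter[pos] = guess ^ padv
                break
            else:
                return None                  # no guess accepted: no oracle here
        recovered += _xor(inter, prev)
    return unpad(recovered)

# Hardened server: encrypt-then-MAC, verified before any decryption, so every
# tampered token fails the same way and the padding check is never reached.
def seal_etm(plaintext):
    body = seal_cbc(plaintext)
    return body + hmac.new(MAC_KEY, body, hashlib.sha256).digest()

def open_etm(token):
    body, tag = token[:-32], token[-32:]
    expected = hmac.new(MAC_KEY, body, hashlib.sha256).digest()
    if len(body) % BLOCK or not hmac.compare_digest(tag, expected):
        return None
    try:
        return unpad(cbc_decrypt(ENC_KEY, body[:BLOCK], body[BLOCK:]))
    except ValueError:
        return None

def hardened_oracle(token):
    return open_etm(token) is not None

PLAINTEXT = b"user=alice;role=user"        # constructed sample session content

if __name__ == "__main__":
    print("cbc, no mac     :", attack(padding_oracle, seal_cbc(PLAINTEXT)))
    print("encrypt-then-mac:", attack(hardened_oracle, seal_etm(PLAINTEXT)))
```

The recovery needs at most 256 oracle queries per byte and the same loop, run with the attacker's chosen plaintext, forges a token the server will decrypt, which is the path from a "remember me" cookie to deserialization and code execution in the Shiro case. Verifying a MAC over the whole ciphertext before decrypting, or using an AEAD mode such as AES-GCM, removes the oracle; a bare CBC or ECB setting with no authentication, which is what the mod_session_crypto entry describes, does not.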
CNVD, added 2017/07/28 12:00 a.m., 2 views

Zoho ManageEngine Event Log Analyzer Cross-Site Scripting Vulnerability (CNVD-2017-26267)

Zoho ManageEngine Event Log Analyzer is a system and event log analysis product from the US company Zoho. A cross-site scripting vulnerability exists in Zoho ManageEngine Event Log Analyzer versions 11.4 and 11.5, which originates from a password being displayed in a cookie wi...

CVSS 6.1, AI score 6.2, EPSS 0.02293
Exploits 1, References 1
seebug.org, added 2017/04/10 12:00 a.m., 196 views

PHPCMS v9 wap module SQL injection

1. The suspicious function: at line 241 of phpcms/modules/attachment/attachments.php, the src variable submitted via GET is passed through the safe_replace function, so we step into this filter function to see what it does. 2. A profile of the filter function and a bypass...

AI score 8
Exploits 0
OSV, added 2016/12/11 2:59 a.m., 2 views

DEBIAN-CVE-2016-9847

An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's...

CVSS 5.3, AI score 9.2, EPSS 0.02002
Exploits 0, References 1