CVE-2021-27200

CVE-2021-27200 affects WoWonder 3.0.4. The issue is a weak cryptographic algorithm in recover.php, making the code parameter easily predictable from the time of day. This enables remote attackers to take over any account. The vulnerability is described consistently across multiple sources (NVD, R...

WoWonder Social Network Platform 3.1 - Authentication Bypass

Exploit Title: WoWonder Social Network Platform 3.1 - Authentication Bypass Date: 11.06.2021 Exploit Author: securityforeveryone.com Researchers : Security For Everyone Team - https://securityforeveryone.com Vendor Homepage: https://www.wowonder.com/ Software Link:...

WoWonder Social Network Platform 3.1 Authentication Bypass

Exploit Title: WoWonder Social Network Platform 3.1 - Authentication Bypass Date: 11.06.2021 Exploit Author: securityforeveryone.com Researchers : Security For Everyone Team - https://securityforeveryone.com Vendor Homepage: https://www.wowonder.com/ Software Link:...

WoWonder Social Network Platform 3.1 - Authentication Bypass Exploit

Exploit Title: WoWonder Social Network Platform 3.1 - Authentication Bypass Exploit Author: securityforeveryone.com Researchers : Security For Everyone Team - https://securityforeveryone.com Vendor Homepage: https://www.wowonder.com/ Software Link:...

Adventures in Contacting the Russian FSB

KrebsOnSecurity recently had occasion to contact the Russian Federal Security Service FSB, the Russian equivalent of the U.S. Federal Bureau of Investigation FBI. In the process of doing so, I encountered a small snag: The FSBs website said in order to communicate with them securely, I needed to...

Schneider Electric homeLYnk and spaceLYnk Unauthorized Access Vulnerability

Schneider Electric homeLYnk and spaceLYnk are both automation programming software for different logic controllers from Schneider Electric, France. An unauthorized access vulnerability exists in Schneider Electric homeLYnk and spaceLYnk, which arises from the presence of a broken or dangerous...

CVE-2021-22738

Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack...

Design/Logic Flaw

Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack...

CVE-2021-22738

Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack...

CVE-2021-22738

CVE-2021-22738 affects Schneider Electric homeLYnk and spaceLYnk (versions up to and including 2.60). The root cause is use of a broken or risky cryptographic algorithm that could allow unauthorized access after credentials are discovered via brute force. The Red Hat, CNVD, CVE/NVD entries corrob...

Code injection

IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196280...

IBM Security Guardium 加密问题漏洞

IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A weak cryptographic algorithm vulnerability exists in IBM Security...

Use of a Broken or Risky Cryptographic Algorithm in Terraform

When using the Azure backend with a shared access signature SAS, Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP. Specific Go Packages Affected github.com/hashicorp/terraform/backend/remote-state/azure...

Siemens and PKE Control Center Server

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendors: Siemens/PKE Equipment: Control Center Server CCS Vulnerabilities: Cleartext Storage of Sensitive Information in GUI, Improper Authentication, Relative Path Traversal, Use of a Broken or Risky...

IBM DataPower Gateway Weak Encryption Algorithm Vulnerability

IBM DataPower Gateway is a security and integration platform built specifically for mobile, cloud, API, web, SOA, B2B and cloud workloads. A weak cryptographic algorithm vulnerability exists in IBM DataPower Gateway 10.0.0.0 - 10.0.1.0. An attacker could exploit the vulnerability to decrypt highl...

IBM DataPower Gateway 加密问题漏洞

IBM DataPower Gateway is a security and integration platform built specifically for mobile, cloud, API, web, SOA, B2B and cloud workloads. A weak cryptographic algorithm vulnerability exists in IBM DataPower Gateway 10.0.0.0 - 10.0.1.0. An attacker could exploit the vulnerability to decrypt highl...

Advantech Spectre RT Industrial Routers

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: Spectre RT Industrial Routers Vulnerabilities: Improper Neutralization of Input During Web Page Generation, Cleartext Transmission of Sensitive Information, Improper...

IBM Security Verify Information Queue 加密问题漏洞

IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. A weak cryptographic algorithm vulnerability exists in IBM Security Verify Information Queue. An attacker could exploi...

IBM Security Identity Governance and Intelligence Weak Encryption Algorithm Vulnerability

IBM Security Identity Governance and Intelligence is an integrated identity management solution based on network devices. A weak cryptographic algorithm vulnerability exists in IBM Security Identity Governance and Intelligence 5.2.6. An attacker could exploit this vulnerability to decrypt highly...

IBM Security Guardium Data Encryption Weak Encryption Algorithm Vulnerability

IBM Security Guardium Data Encryption GDE provides a modular set of encryption solutions that help security teams effectively implement data-at-rest security across the organization. A weak cryptographic algorithm vulnerability exists in IBM Security Guardium Data Encryption 3.0.0.2. An attacker...