Lucene search
K

54 matches found

Huntr
Huntr
added 2021/07/03 3:30 p.m.13 views

in beestat/app

✍️ Description The random number generator implemented by mtrand cannot withstand a cryptographic attack. In this case the function that generates weak random numbers is mtrand in user.php at line 58. 🕵️‍♂️ Proof of Concept Vulnerable Code / Create an anonymous user so we can log in and have access...

0.8AI score
Exploits0References1
Huntr
Huntr
added 2021/06/29 1:40 p.m.5 views

in w7corp/easywechat

✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...

1.4AI score
Exploits0References1
Huntr
Huntr
added 2021/06/28 7:38 p.m.3 views

in w7corp/easywechat

✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...

1.4AI score
Exploits0References1
Huntr
Huntr
added 2021/06/20 4:26 p.m.10 views

in phpservermon/phpservermon

✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...

1.5AI score
Exploits0References2
CVE
CVE
added 2019/10/25 4:30 p.m.101 views

CVE-2019-4399

CVE-2019-4399 affects IBM Cloud Orchestrator product families (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise) versions 2.4 to 2.4.5 and 2.5 to 2.5.9. The root cause is the use of weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information, r...

7.5CVSS7.2AI score0.00792EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2019/05/02 5:40 a.m.25 views

Weak Cryptographic Protection

postgresql is vulnerable to Weak Cryptographic Protection. It is due to returning different error messages when decrypting certain data with an incorrect key, allowing an authenticated user to launch a possible cryptographic attack...

7.5CVSS8.3AI score0.03965EPSS
Exploits0References11Affected Software3
Cvelist
Cvelist
added 2018/08/15 8:0 p.m.13 views

CVE-2018-0412

A vulnerability in the implementation of Extensible Authentication Protocol over LAN EAPOL functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of...

5.2AI score0.00253EPSS
Exploits0References1
Veracode
Veracode
added 2018/06/11 9:22 a.m.26 views

Insecure Number Generator

libxslt.so is vulnerable to insecure number generation. The library does not use a random seed during random number generation which is not robust enough to withstand a cryptographic attack against it...

5.3CVSS5.9AI score0.02122EPSS
Exploits0References2Affected Software2
Veracode
Veracode
added 2018/03/02 8:22 a.m.7 views

Insecure Number Generator

github.com/markbates/goth is vulnerable to insecure number generator. The SetState function in gothic.go uses math/rand which is a weak random number generator and not robust enough to withstand a cryptographic attack against it...

6.6AI score
Exploits0
Cvelist
Cvelist
added 2016/09/26 1:0 a.m.24 views

CVE-2016-5957

IBM Security Privileged Identity Manager ISPIM Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm...

7.2AI score0.01363EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2016/06/22 12:0 a.m.30 views

DarkComet Server 3.2 Remote File Download

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'DarkComet Server Remote File Download Exploit', 'Description' = %q This module exploits an arbitrary file download vulnerabilit...

0.1AI score
Exploits0
0day.today
0day.today
added 2016/06/21 12:0 a.m.54 views

DarkComet Server - Remote File Download Exploit (Metasploit)

Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'DarkComet Server Remote File Download Exploit', 'Description' = %q Thi...

7.1AI score
Exploits0
Metasploit
Metasploit
added 2016/06/03 5:24 p.m.41 views

DarkComet Server Remote File Download Exploit

This module exploits an arbitrary file download vulnerability in the DarkComet C server versions 3.2 and up. The exploit does not need to know the password chosen for the bot/server communication. This module requires Metasploit: https://metasploit.com/download Current source:...

7.5AI score
Exploits0
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.22 views

Amazon Linux: Security Advisory (ALAS-2015-556)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.8AI score0.08565EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/07/08 12:0 a.m.24 views

Amazon Linux AMI : postgresql8 (ALAS-2015-556)

A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. CVE-2015-3165 It was discovered that PostgreSQL did not proper...

9.8CVSS7.7AI score0.08565EPSS
Exploits0References4
Amazon
Amazon
added 2015/07/07 12:0 a.m.33 views

Medium: postgresql8

Issue Overview: A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. CVE-2015-3165 It was discovered that PostgreSQ...

9.8CVSS8.7AI score0.08565EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2015/07/06 12:0 a.m.19 views

Scientific Linux Security Update : postgresql on SL6.x, SL7.x i386/x86_64 (20150629)

A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. CVE-2015-3165 It was discovered that PostgreSQL did not proper...

9.8CVSS7.7AI score0.08565EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2015/07/03 12:0 a.m.28 views

CentOS Update for postgresql CESA-2015:1194 centos6

Check the version of postgresql SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882214";...

9.8CVSS8.2AI score0.08565EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2015/06/29 4:43 p.m.31 views

Moderate: Red Hat Security Advisory: postgresql security update

Updated postgresql packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

9.8CVSS7AI score0.08565EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/06/29 4:9 p.m.7 views

postgresql: pgcrypto has multiple error messages for decryption with an incorrect key.

It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This could potentially help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known...

7.5CVSS7.3AI score0.03965EPSS
Exploits0References4
Rows per page
Query Builder