54 matches found
in beestat/app
✍️ Description The random number generator implemented by mtrand cannot withstand a cryptographic attack. In this case the function that generates weak random numbers is mtrand in user.php at line 58. 🕵️♂️ Proof of Concept Vulnerable Code / Create an anonymous user so we can log in and have access...
in w7corp/easywechat
✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...
in w7corp/easywechat
✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...
in phpservermon/phpservermon
✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...
CVE-2019-4399
CVE-2019-4399 affects IBM Cloud Orchestrator product families (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise) versions 2.4 to 2.4.5 and 2.5 to 2.5.9. The root cause is the use of weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information, r...
Weak Cryptographic Protection
postgresql is vulnerable to Weak Cryptographic Protection. It is due to returning different error messages when decrypting certain data with an incorrect key, allowing an authenticated user to launch a possible cryptographic attack...
CVE-2018-0412
A vulnerability in the implementation of Extensible Authentication Protocol over LAN EAPOL functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of...
Insecure Number Generator
libxslt.so is vulnerable to insecure number generation. The library does not use a random seed during random number generation which is not robust enough to withstand a cryptographic attack against it...
Insecure Number Generator
github.com/markbates/goth is vulnerable to insecure number generator. The SetState function in gothic.go uses math/rand which is a weak random number generator and not robust enough to withstand a cryptographic attack against it...
CVE-2016-5957
IBM Security Privileged Identity Manager ISPIM Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm...
DarkComet Server 3.2 Remote File Download
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'DarkComet Server Remote File Download Exploit', 'Description' = %q This module exploits an arbitrary file download vulnerabilit...
DarkComet Server - Remote File Download Exploit (Metasploit)
Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'DarkComet Server Remote File Download Exploit', 'Description' = %q Thi...
DarkComet Server Remote File Download Exploit
This module exploits an arbitrary file download vulnerability in the DarkComet C server versions 3.2 and up. The exploit does not need to know the password chosen for the bot/server communication. This module requires Metasploit: https://metasploit.com/download Current source:...
Amazon Linux: Security Advisory (ALAS-2015-556)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : postgresql8 (ALAS-2015-556)
A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. CVE-2015-3165 It was discovered that PostgreSQL did not proper...
Medium: postgresql8
Issue Overview: A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. CVE-2015-3165 It was discovered that PostgreSQ...
Scientific Linux Security Update : postgresql on SL6.x, SL7.x i386/x86_64 (20150629)
A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. CVE-2015-3165 It was discovered that PostgreSQL did not proper...
CentOS Update for postgresql CESA-2015:1194 centos6
Check the version of postgresql SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882214";...
Moderate: Red Hat Security Advisory: postgresql security update
Updated postgresql packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
postgresql: pgcrypto has multiple error messages for decryption with an incorrect key.
It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This could potentially help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known...