66 matches found
Discovery uses the same AES/GCM Nonce throughout the session
Discovery uses the same AES/GCM Nonce throughout the session though it should be generated on per message basis which can lead to the leaking of the session key. As the actual ENR record is signed with a different key it is not possible for an attacker to alter the ENR record. Note that the node...
GHSA-2H3H-VW8R-82RP Weak JSON Web Token in yapi-vendor
Weak JSON Web Token JWT signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used as a source of randomness in jwt signing. Math.random does not provide cryptographically secure random numbers. This has be...
Apache MyFaces 2.x Cross Site Request Forgery
Ceritude Securiy Advisory - CSA-2021-001 PRODUCT : Apache MyFaces VENDOR : The Apache Software Foundation SEVERITY : High AFFECTED VERSION : =2.2.13, =2.3.7, =2.3-next-M4, =2.1 branches IDENTIFIERS : CVE-2021-26296 PATCH VERSION : 2.2.14, 2.3.8, 2.3-next-M5, 3.0.0 FOUND BY : Wolfgang Ettlinger,...
nanorand 0.5.0 - RNGs failed to generate properly for non-64-bit numbers
In versions of nanorand prior to 0.5.1, RandomGen implementations for standard unsigned integers could fail to properly generate numbers, due to using bit-shifting to truncate a 64-bit number, rather than just an as conversion. This often manifested as RNGs returning nothing but 0, including the...
List of Open Source C2 Post-Exploitation Frameworks
PenTestIT RSS Feed This post has been lying in my drafts for more than a year with edits all over. But two days ago, it was announced that Powershell Empire would no longer be supported by it's authors. Hence just like I curated a list of adversary emulation tools, I finalized this list of open...
PHP 7.0.x < 7.0.1 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.1. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists in the collatorsortwithsortkeys function due to improper clearing of pointers when destroying an array. An...
[ASA-201801-11] qtpass: private key recovery
Arch Linux Security Advisory ASA-201801-11 ========================================== Severity: High Date : 2018-01-11 CVE-ID : CVE-2017-18021 Package : qtpass Type : private key recovery Remote : Yes Link : https://security.archlinux.org/AVG-576 Summary ======= The package qtpass before version...
Insecure Random Number Generation
zeppelin is vulnerable to insecure random number generation. It is insecure because it generates predictable random numbers using java.util.Random rather than using a cryptographically secure random number generator...
Koadic C3 COM Command & Control – JScript RAT
Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host a.k.a. JScript/VBScript, with compatibility in t...
Insecure Random Number Generation
jsencrypt is vulnerable to insecure random number generation. It is insecure because it generates predictable random numbers using Math.random rather than using a cryptographically secure random number generation...
Insecure Pseudorandom Number Generation
randomkey is vulnerable to insecure pseudorandom number generation. The vulnerability exists because it uses Math.random instead of cryptographically secure pseudorandom number generation...
Alvosec: Alvocrypt uses a cryptographically insecure PRNG.
Dear Alvosec bug bounty team, Summary --- A PRNG is an algorithm used to produce random-looking numbers with certain desirable statistical properties. In order for a PRNG to be cryptographically secure it must be resistant to prediction. The generatepass function in Alvocrypt currently uses...
Insecure Random Number Generator
django-simple-sso is vulnerable to brute force attacks due to it's insecure random number generator. The random number generator generates pseudo-random numbers rather than a cryptographically secure random number...
Security update for php5 (important)
This update for php5 fixes the following security issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mbstrcut bsc977003 - CVE-2015-8867: The PHP function...
SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1310-1)
This update for php53 fixes the following security issues : - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mbstrcut bsc977003 - CVE-2015-8867: The PHP function...
openSUSE: Security Advisory for php5 (openSUSE-SU-2016:1274-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : php5 (openSUSE-2016-576)
This update for php5 fixes the following issues : - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mbstrcut bsc977003 - CVE-2016-3074: Signedness vulnerability in bundled libgd ma...
PHP 7.0.x < 7.0.1 Multiple Vulnerabilities
Binary data 9064.prm...
phpmyadmin -- Unsafe generation of XSRF/CSRF token
The phpMyAdmin development team reports: The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values. We consider this vulnerability to be non-critical...
Debian DSA-3439-1 : prosody - security update
Two vulnerabilities were discovered in Prosody, a lightweight Jabber/XMPP server. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2016-1231 Kim Alvefur discovered a flaw in Prosody's HTTP file-serving module that allows it to serve requests outside of the...