Design/Logic Flaw
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login...
Design/Logic Flaw
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...
Design/Logic Flaw
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login...
CVE-2021-41994 PingID iOS mobile application prior to 1.19 vulnerable to pre-computed dictionary attacks
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login...
CVE-2021-41994
The CVE-2021-41994 entry concerns PingID: an RSA misconfiguration in the PingID iOS app prior to 1.19. This flaw enables pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. Affected component: PingID iOS app (pre-1.19); root cause: RSA misconfigurati...
CVE-2021-41993 PingID Android mobile application prior to 1.19 vulnerable to pre-computed dictionary attacks
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login...
CVE-2021-41993
CVE-2021-41993 affects PingID Android app versions prior to 1.19 due to a misconfiguration of RSA. The flaw enables pre-computed dictionary attacks that can cause an offline MFA bypass when using PingID Windows Login. Public references in NVD/CVE records confirm the vulnerability and its impact a...
CVE-2021-41992
CVE-2021-41992 relates to an RSA misconfiguration in PingID Windows Login prior to version 2.7, making it susceptible to pre-computed dictionary attacks and enabling an offline MFA bypass. The Red Hat and NVD entries confirm the same description across multiple sources. Affected software is PingID...
Ping Identity Windows PingId Authorization Issue Vulnerability
Ping Identity Windows PingId is a software from Ping Identity USA that provides security for applications. A security vulnerability exists in PingID Windows Login version 2.7 that stems from an RSA misconfiguration that is susceptible to a pre-computed dictionary attack, leading to an offline MFA...
Ping Identity Android App Security Feature Issue Vulnerability
Ping Identity Android App is a mobile app for authentication from Ping Identity. A security vulnerability exists in Ping Identity Android App versions prior to 1.19 that stems from an RSA misconfiguration that is vulnerable to a pre-computed dictionary attack, resulting in bypassing the offline M...
PT-2022-11523 · Ping Identity · Pingid Android App +1
Name of the Vulnerable Software and Affected Versions: PingID Android app versions prior to 1.19. Description: The issue is related to a misconfiguration of RSA in the PingID Android app, which makes it vulnerable to pre-computed dictionary attacks. This vulnerability can lead to an offline MFA...
Ping Identity iOS App Security Feature Issue Vulnerability
Ping Identity iOS App is a mobile app for authentication from Ping Identity. A security vulnerability exists in Ping Identity iOS App versions prior to 1.19, which stems from a misconfigured RSA that is susceptible to a pre-computed dictionary attack, leading to a bypass of the offline MFA when...
PT-2022-11522 · Ping Identity · Pingid Windows Login
Name of the Vulnerable Software and Affected Versions: PingID Windows Login versions prior to 2.7. Description: A misconfiguration of RSA in PingID Windows Login is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. Recommendations: For versions prior to 2.7, update t...
The vulnerability of the QuerySet.explain() function implementation in the Django web application framework allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the QuerySet.explain function implementation in the Django web application framework is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and availability of...
Personal Dictionary < 1.3.4 - Unauthenticated SQLi
The plugin fails to properly sanitize user-supplied POST data before it is interpolated into an SQL statement and executed, leading to a blind SQL injection vulnerability. PoC: 1. Create a new page with the plugin's shortcode shortcode can be copied from...
WordPress Personal Dictionary plugin <= 1.3.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Personal Dictionary plugin (versions <= 1.3.3). Solution: Update the WordPress Personal Dictionary plugin to the latest available version (at least 1.3.4)...
GHSA-W24H-V9QH-8GXJ SQL Injection in Django
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...
SQL Injection in Django
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...
GHSA-2GWJ-7JMV-H26R SQL Injection in Django
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...
DEBIAN-CVE-2022-28347
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...