Lucene search
12 matches found

Github Security Blog
added 2026/05/19 4:18 p.m., 7 views

libcrux: Potential Panic on Overlong Ciphertext Buffer

An application that passes in a ciphertext buffer of length greater than ptxt.len + TAGLEN to libcruxchacha20poly1305::encrypt or libcruxchacha20poly1305::xchacha20poly1305::encrypt would experience a panic. Impact: An application where the length of the ciphertext buffer is under attacker control...

5.9 AI score
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-29295

Malicious code in bioql PyPI...

4.3 CVSS, 5.3 AI score, 0.00031 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 10:28 p.m., 4 views

CVE-2022-24403

The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt arbitrary identities given on...

4.3 CVSS, 7.1 AI score, 0.00031 EPSS
Exploits: 0, References: 1
CNNVD
added 2024/08/06 12:0 a.m., 1 views

Mozilla Firefox and Mozilla Firefox ESR security vulnerability

Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Firefox and Firefox ESR suffer from an information disclosure vulnerability that stems from PK11Encrypt disclosing sensitive information under certain circumstances. An...

6.5 CVSS, 6 AI score, 0.00062 EPSS
Exploits: 0, References: 7
OSV
added 2024/06/06 10:15 p.m., 10 views

CVE-2024-36823

The encrypt function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information...

7.5 CVSS, 6.9 AI score
Exploits: 0, References: 1
PyPA
added 2018/08/20 12:29 a.m., 4 views

PYSEC-2018-21

PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes...

7.5 CVSS, 7.2 AI score, 0.00328 EPSS
Exploits: 1, References: 3, Affected Software: 1
myhack58
added 2016/03/06 12:0 a.m., 12 views

360 the end of the tour the ultimate firepower “stealth”, “the spike”, etc. vulnerability analysis

0x01 introduction Before sent over a patch a generic D3D game buck perspective plug-in, a buddy because the stock Duvet cover, with a plug-in to play the ultimate firepower of boredom, a do nothing level is too dishes light has a perspective or abused, please I helped him the whole point of the...

Exploits: 0
seebug.org
added 2015/02/25 12:0 a.m., 22 views

ESPCMS latest version admin backend login bypass, tested on the DEMO

Brief description: One that slipped through the net; again the encryption/decryption function, but different from before. Details: Look at the encryption/decryption function function eccode$string, $operation = 'DECODE', $key = '@LFK24s224%@safS3s%1f%', $mcrype = true $result = null; if $operation == 'ENCODE' if extensionloaded'mcrypt' && $mcrype $result = $this-encryptCookie$string, $key; else for $i = 0; $i...

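7 AI score
Exploits: 0
seebug.org
added 2014/05/26 12:0 a.m., 19 views

Destoon B2B 2014-05-21 latest version: bypassing the global defenses with brute-force injection (reproducible on the official Demo)

Brief description: A flaw in one of destoon's encryption functions makes it crackable, leading to injection. Because the string is encrypted, the built-in global stripsql, gpc, etc. are simply bypassed. An instance of using an insecure "random number". Pull up a stool, this will take a while to explain... Details: The problem lies in the encrypt and decrypt functions used for cookie encryption and decryption. First look at the function body, include/global.func.php line 122 function encrypt$txt, $key = '' $key or $key = DTKEY; //DTKEY is a 15-character random string generated at installation $rnd = md5microtime;//the flaw, explained below $len =...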

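7 AI score
Exploits: 0
seebug.org
added 2013/05/15 12:0 a.m., 19 views

Espcms V5.6.13.04.22 UTF8 official release: an unconventional bypass of verification for all admin backend modules, part 5/N

Brief description: An unconventional use of Espcms's encryption/decryption functions to bypass the permission verification of all admin backend modules. Uh... it takes a while to explain; consider it one line of thinking. Details: The class file for backend permission verification: \public\classconnector.php function adminpurview if $this-fun-accept'archive', 'R' == 'filemanage' && $this-fun-accept'action', 'R' == 'batupfilesave' $ecispadmininfo = $this-fun-accept'ecispadmininfo', 'G'; $esppowerlist =...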

7.1 AI score
Exploits: 0
Packet Storm
added 2007/03/08 12:0 a.m., 32 views

rps62-sql.txt

? //RPS 6.2 SQL Injection Exploit //http://www.rps-project.com/ //Need magicquotesgpc = Off; //by s0cratex //Contact: s0cratexathotmaildotcom //Salu2: rgod, 0pt1x 'n mechas. errorreporting0; iniset"maxexecutiontime",0; iniset"defaultsockettimeout",5; $host = "localhost"; $path="/rps"; $id=1; echo...

7.4 AI score
Exploits: 0
Cvelist
added 2000/01/18 5:0 a.m., 17 views

CVE-1999-0834

Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library...

6.9 AI score, 0.03223 EPSS
Exploits: 0, References: 1