GHSA-J48Q-4C78-RHF9 openssl-encrypt: Dynamic .so loading for Whirlpool uses broad glob pattern without integrity verification

Severity: HIGH Summary The Whirlpool hash implementation in opensslencrypt/modules/registry/hashregistry.py at lines 570-589 uses glob patterns to find .so modules in site-packages and loads the first match via importlib without verifying module integrity. Affected Code python for sitepkg in...

Monoprice.com Cart Enumeration

As similarly stated at http://nmap.org/mailman/listinfo/fulldisclosure I would appreciate if Monoprice.com better secures its ecommerce site by fixing the following flaw rather than hiding it. With no cookies, visiting http://www.monoprice.com/Cart yields an empty cart with no cart id . Adding an...