GHSA-J48Q-4C78-RHF9 openssl-encrypt: Dynamic .so loading for Whirlpool uses broad glob pattern without integrity verification
Severity: HIGH. Summary: The Whirlpool hash implementation in opensslencrypt/modules/registry/hashregistry.py (lines 570-589) uses glob patterns to find .so modules in site-packages and loads the first match via importlib without verifying module integrity. Affected code (Python): `for sitepkg in...`
Monoprice.com Cart Enumeration
As similarly stated at http://nmap.org/mailman/listinfo/fulldisclosure, I would appreciate it if Monoprice.com better secured its ecommerce site by fixing the following flaw rather than hiding it. With no cookies, visiting http://www.monoprice.com/Cart yields an empty cart with no cart id. Adding an...
Possible cross-site scripting (XSS) vulnerability in the Blade templating engine
A security researcher has disclosed a possible XSS vulnerability in the Blade templating engine. Given the following two Blade templates: resources/views/parent.blade.php: `@section('content') @show`; resources/views/child.blade.php: `@extends('parent') @section('content') @endsection`. And a route...