13 matches found
CVE-2021-47712
A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hashing mechanisms. The hotfix introduces an additional security layer to prevent hash value reuse and potential exploitation...
CVE-2021-47712 Kentico Xperience <= 12.0.102 URL Hashing Cryptography Vulnerability
A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hashing mechanisms. The hotfix introduces an additional security layer to prevent hash value reuse and potential exploitation...
Kentico Xperience Cryptographic Issue Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a security vulnerability that can be exploited by an attacker to cause URL hashes to be tampered with...
PT-2025-52301
Name of the Vulnerable Software and Affected Versions: Kentico Xperience (affected versions not specified). Description: A cryptography issue exists in Kentico Xperience that may allow attackers to manipulate URL hash values by exploiting existing hashing mechanisms. A hotfix introduces an additional...
CVE-2023-53894
CVE-2023-53894 (phpfm 1.7.9) is an authentication-bypass vulnerability caused by loose type comparison in the password hash validation (checkPassword). An attacker can craft password hashes starting with 0e or 00e to bypass login and upload malicious PHP files. The issue is documented across mult...
CVE-2021-37597
WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation...
CVE-2025-2349
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational...
CVE-2024-2365
A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with...
CVE-2023-4986
A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this...
The tokenType is concatenated rather than tightly integrated. An attacker could manipulate just the type byte of the hash.
Lines of code. Vulnerability details. Impact: The attacker can create an unintended type of order and asset transfer. Proof of Concept: The tokenType is concatenated rather than tightly integrated. An attacker could manipulate just the type byte of the hash. The issue is that the tokenType is...
NagVis Code Issue Vulnerability
NagVis is a program from NagVis Open Source, used to visualize data from your chosen monitoring core in a user-friendly way. A code issue vulnerability exists in NagVis 1.9.33 and earlier versions, which stems from an affected function checkAuthCookie in the file...
Advanced Hash Manipulation: Dagon
Advanced Hash Manipulation. Named after the prince of Hell, Dagon (day-gone) is an advanced hash cracking and manipulation system, capable of bruteforcing multiple hash types, creating bruteforce dictionaries, automatic hashing algorithm verification, random salt generation from Unicode to ASCII, an...
shopify-scripts: Deleting Key-value pair from Frozen HASH or Clearing a Frozen HASH
Hey! While reviewing mruby for vulnerabilities, I stumbled onto a snippet that allows an attacker to delete a "key-value pair" from a "Frozen" Hash or to clear the "Frozen" Hash. Reproduction Steps: 1. Create a Hash like h = {"a" => 100, "b" => 200} 2. Freeze this hash 3. Now call delete meth...