14 matches found
ALTCHA 数据伪造问题漏洞
ALTCHA is a self-hosted CAPTCHA software from ALTCHA Open Source. ALTCHA suffers from a Data Forgery Problem vulnerability that stems from HMAC signatures not explicitly bound to challenge parameters, which could lead to replay attacks...
EUVD-2009-3846
Malware in sbrugna...
EUVD-2022-5107
Malicious code in bioql PyPI...
SUSE CVE-2009-3875
The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...
TYPO3 Improper Access Control vulnerability
The old Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors...
CVE-2013-7081
The old Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors...
Design/Logic Flaw
The old Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors...
CVE-2013-7081
The old Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors...
UBUNTU-CVE-2013-7081
The old Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors...
OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)
The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...
openSUSE 10 Security Update : bytefx-data-mysql (bytefx-data-mysql-6365)
The XML signature checker did not impose limits on the minimum length of HMAC signatures in XML documents. Attackers could therefore specify a length of e.g. 1 to make the signature appear valid and therefore effectively bypass verification of XML documents. %NASLMINLEVEL 70300 C Tenable Network...
SuSE 10 Security Update : Mono (ZYPP Patch Number 6353)
The XML signature checker did not impose limits on the minimum length of HMAC signatures in XML documents. Attackers could therefore specify a length of e.g. 1 to make the signature appear valid and therefore effectively bypass verification of XML documents. %NASLMINLEVEL 70300 C Tenable Network...
xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass
The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...
openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1252)
The XML signature checker did not impose limits on the minimum length of HMAC signatures in XML documentes. Attackers could therefore specify a length of e.g. 1 to make the signature appear valid and therefore effectively bypass verification of XML documents. CVE-2009-0217 The WebStart component...