Lucene search
K

14 matches found

CNNVD
CNNVD
added 2025/12/16 12:0 a.m.3 views

ALTCHA 数据伪造问题漏洞

ALTCHA is a self-hosted CAPTCHA software from ALTCHA Open Source. ALTCHA suffers from a Data Forgery Problem vulnerability that stems from HMAC signatures not explicitly bound to challenge parameters, which could lead to replay attacks...

6.5CVSS6.4AI score0.00262EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2009-3846

Malware in sbrugna...

5CVSS6AI score0.03107EPSS
Exploits1References37
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-5107

Malicious code in bioql PyPI...

4.9CVSS6.3AI score0.01017EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 6:2 a.m.4 views

SUSE CVE-2009-3875

The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

5CVSS7AI score0.03107EPSS
Exploits1References12
Github Security Blog
Github Security Blog
added 2022/05/17 4:54 a.m.23 views

TYPO3 Improper Access Control vulnerability

The old Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors...

4.9CVSS6.8AI score0.01017EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2013/12/23 11:55 p.m.27 views

CVE-2013-7081

The old Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors...

4.9CVSS6.2AI score0.01017EPSS
Exploits0References3
Prion
Prion
added 2013/12/23 11:55 p.m.20 views

Design/Logic Flaw

The old Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors...

4.9CVSS6.7AI score0.01017EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2013/12/23 11:55 p.m.39 views

CVE-2013-7081

The old Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors...

4.9CVSS5.9AI score0.01017EPSS
Exploits0References2
OSV
OSV
added 2013/12/23 11:55 p.m.2 views

UBUNTU-CVE-2013-7081

The old Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors...

4.9CVSS5.9AI score0.01017EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2010/01/14 4:32 p.m.3 views

OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)

The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

5CVSS5.9AI score0.03107EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2009/10/06 12:0 a.m.12 views

openSUSE 10 Security Update : bytefx-data-mysql (bytefx-data-mysql-6365)

The XML signature checker did not impose limits on the minimum length of HMAC signatures in XML documents. Attackers could therefore specify a length of e.g. 1 to make the signature appear valid and therefore effectively bypass verification of XML documents. %NASLMINLEVEL 70300 C Tenable Network...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/09/24 12:0 a.m.20 views

SuSE 10 Security Update : Mono (ZYPP Patch Number 6353)

The XML signature checker did not impose limits on the minimum length of HMAC signatures in XML documents. Attackers could therefore specify a length of e.g. 1 to make the signature appear valid and therefore effectively bypass verification of XML documents. %NASLMINLEVEL 70300 C Tenable Network...

5.5AI score
Exploits0
RedHat Linux
RedHat Linux
added 2009/09/08 3:43 p.m.4 views

xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass

The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...

5CVSS7.3AI score0.06348EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2009/08/31 12:0 a.m.49 views

openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1252)

The XML signature checker did not impose limits on the minimum length of HMAC signatures in XML documentes. Attackers could therefore specify a length of e.g. 1 to make the signature appear valid and therefore effectively bypass verification of XML documents. CVE-2009-0217 The WebStart component...

10CVSS7.5AI score0.06348EPSS
Exploits0References6
Rows per page
Query Builder