
16 matches found

CVE
added 2026/03/20 8:31 a.m. | 4 views

CVE-2026-33072

Summary. CVE-2026-33072 affects FileRise, a self-hosted web file manager/WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key (default_please_change_this_key) is used for all crypto operations (HMAC token generation, AES config encryption, and session tokens), enabling an...

8.2 CVSS | 5.9 AI score | 0.00019 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2025/10/07 7:15 p.m. | 2 views

CVE-2025-43909

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Use of a Broken or Ris...

7.5 CVSS | 0.00042 EPSS
Exploits: 0 | References: 1

NVD
added 2024/11/15 9:15 p.m. | 35 views

CVE-2017-13309

In readEncryptedData of ConscryptEngine.java, there is a possible plaintext leak due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2 CVSS | 0.00041 EPSS
Exploits: 0 | References: 1

Cvelist
added 2023/12/04 10:40 p.m. | 12 views

CVE-2023-40082

In modifyfornextstage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

9.5 AI score | 0.01975 EPSS
Exploits: 0 | References: 2

Packet Storm
added 2022/07/18 12:0 a.m. | 357 views

Builder XtremeRAT 3.7 MVID-2022-0624 Insecure Crypto Bypass

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/7f314e798c150aedd9ce41ed39318f65B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Builder XtremeRAT v3.7 Vulnerability: Insecure Crypto Bypass Description: The malware...

7.4 AI score
Exploits: 0

Packet Storm
added 2022/01/25 12:0 a.m. | 224 views

CosaNostra Builder WebPanel Insecure Cryptographic Storage

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/61285c988de52b7c067fb2e703f2ab83B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: CosaNostra Builder WebPanel Vulnerability: Insecure Crypto Description: The password for the panel ...

0.4 AI score
Exploits: 0

0day.today
added 2022/01/25 12:0 a.m. | 219 views

CosaNostra Builder WebPanel Insecure Cryptographic Storage Vulnerability

CosaNostra Builder WebPanel malware only uses straight MD5 to store passwords without any salt. Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/61285c988de52b7c067fb2e703f2ab83B.txt Contact: email protected Media: twitter.com/malvuln Threat:...

0.7 AI score
Exploits: 0

Packet Storm
added 2021/12/28 12:0 a.m. | 310 views

Backdoor.Win32.FTP.Simpel.12 Insecure Crypto Implementation

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/1d12f9b921b38d7b521f12442bdd52d8B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP.Simpel.12 Vulnerability: Insecure Crypto Description: The malware listens on TCP...

7.4 AI score
Exploits: 0

Schneier on Security
added 2020/12/31 12:19 p.m. | 45 views

Brexit Deal Mandates Old Insecure Crypto Algorithms

In what is surely an unthinking cut-and-paste issue, page 921 of the Brexit deal mandates the use of SHA-1 and 1024-bit RSA: The open standard s/MIME as extension to de facto e-mail standard SMTP will be deployed to encrypt messages containing DNA profile information. The protocol s/MIME V3 allow...

0.3 AI score
Exploits: 0

Packet Storm
added 2018/05/09 12:0 a.m. | 43 views

Easy Hosting Control Panel 0.37.12.b Insecure Cryptography

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-INSECURE-CRYPTO.txt + ISR: Apparition Security Greetz: indoushka|Eduardo|Dirty0tis Vendor: ============= www.ehcp.net Product: =========== Easy Hosting Control Panel...

0.3 AI score | 0.00038 EPSS
Exploits: 2

exploitpack
added 2018/04/06 12:0 a.m. | 39 views

Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption

Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-CONTROL-PANEL-v10.7-INSECURE-CRYPTO-CVE-2018-9233.txt + ISR: Apparition...

2.1 CVSS | 7.7 AI score | 0.00055 EPSS
Exploits: 5

Exploit DB
added 2018/04/06 12:0 a.m. | 44 views

Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-CONTROL-PANEL-v10.7-INSECURE-CRYPTO-CVE-2018-9233.txt + ISR: Apparition Security Vendor: ========== www.sophos.com Product: =========== Sophos...

7.8 CVSS | 7.7 AI score | 0.00055 EPSS
Exploits: 5

0day.today
added 2018/04/04 12:0 a.m. | 35 views

Sophos Endpoint Protection 10.7 Insecure Cryptography Vulnerability

Sophos Endpoint Protection version 10.7 control panel authentication uses a weak unsalted unicoded cryptographic hash SHA1 function. Not using a salt allows attackers that gain access to hash ability to conduct faster cracking attacks using pre-computed dictionaries, e.g. rainbow tables. This can...

0.2 AI score | 0.00055 EPSS
Exploits: 5

Packet Storm
added 2018/04/04 12:0 a.m. | 44 views

Sophos Endpoint Protection 10.7 Insecure Cryptography

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-CONTROL-PANEL-v10.7-INSECURE-CRYPTO-CVE-2018-9233.txt + ISR: Apparition Security Vendor: ========== www.sophos.com Product: =========== Sophos...

7.6 AI score | 0.00055 EPSS
Exploits: 5

ThreatPost
added 2016/03/15 4:6 p.m. | 40 views

OpenSSH Implementations with X11Forwarding Enabled Should Heed Recent Security Update

Users who choose to enable X11Forwarding in OpenSSH, or those who use software products that re-enable it, should pay close attention to last Wednesday’s OpenSSH security update. The latest version of the open source implementation of the SSH protocol patches a flaw that exposes it to command...

5.5 CVSS | 0.50367 EPSS
Exploits: 13 | References: 2

Packet Storm
added 2013/04/23 12:0 a.m. | 45 views

D-Link DIR-615 / DIR-300 XSS / CSRF / Command Injection / Insecure Crypto

Device Name: DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A Vendor: D-Link ============ Device Description: ============ DIR-300: http://www.dlink.com/de/de/home-solutions/connect/routers/dir-300-wirele... DIR-615:...

7.4 AI score
Exploits: 0