10 matches found
Design/Logic Flaw
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorit...
Unprotected Ether Withdrawal
Lines of code Vulnerability details Description Due to missing or insufficient access controls, malicious parties can withdraw some or all Ether from the contract account. This bug is sometimes caused by unintentionally exposing initialization functions. By wrongly naming a function intended to b...
Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware
A week after it emerged that a sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices. Additionally, necessary changes have been implemented in Google Play Protect — Android's built-in...
mitmproxy 环境问题漏洞
mitmproxy is an interactive, SSL/TLS-enabled interceptor proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. A security vulnerability exists in mitmproxy version 7.0.4 and prior versions, which can be exploited by malicious clients or servers to perform request smuggling attacks vi...
Amplification Attacks
PowerDNS Recursor is vulnerable toamplification attacks. It does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafte...
CVE-2020-10995
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted rep...
Cisco RV320 Unauthenticated Diagnostic Data Retrieval Vulnerability
Cisco RV320 router still exposes sensitive diagnostic data without authentication via the device's web interface due to an inadequate fix by the vendor. Cisco RV320 Unauthenticated Diagnostic Data Retrieval Vulnerability Details ======= Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly...
Debian DSA-2363-1 : tor - buffer overflow
It was discovered that Tor, an online privacy tool, incorrectly computes buffer sizes in certain cases involving SOCKS connections. Malicious parties could use this to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. In Tor's default configuration this issue c...
Biz Mail Form 2.x - Unauthorized Mail Relay
Biz Mail Form 2.x - Unauthorized Mail Relay source: https://www.securityfocus.com/bid/12620/info Biz Mail Form is prone to a vulnerability that allows the application to be abused as a mail relay. An attacker can exploit this issue to inject arbitrary SMTP headers by using CR and LF sequences. If...
Biz Mail Form 2.x - Unauthorized Mail Relay
source: https://www.securityfocus.com/bid/12620/info Biz Mail Form is prone to a vulnerability that allows the application to be abused as a mail relay. An attacker can exploit this issue to inject arbitrary SMTP headers by using CR and LF sequences. If successful, it becomes possible to abuse th...