357 matches found
D-Link DCS-8300LHV2 Security Vulnerability
D-Link DCS-8300LHV2 is a webcam from China AUO D-Link. A security vulnerability exists in the D-Link DCS-8300LHV2 that stems from an RTSP ValidateAuthorizationHeader Nonce Stack-based Buffer Overflow Remote Code Execution vulnerability...
CVE-2023-7067
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentor_template_store' function in all versions up to, and...
CVE-2023-7067 ShopLentor <= 2.8.1 - Improper Authorization via woolentor_template_store
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentor_template_store' function in all versions up to, and...
CVE-2023-7067
CVE-2023-7067 affects ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules (formerly WooLentor) WordPress plugin. All versions through 2.8.1 are vulnerable to unauthorized modification of data due to a missing capability check in woolentor_template_store. An authenticated attack...
CVE-2023-50053
An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation, the signed message lacks a nonce random number...
CVE-2023-50059
An issue in galxe.com Galxe platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Galxe, the signed message lacks a nonce random number...
CVE-2023-50059
An issue in galxe.com Galxe platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Galxe, the signed message lacks a nonce random number...
CVE-2023-50053
An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation, the signed message lacks a nonce random number...
CVE-2023-50053
CVE-2023-50053 affects Foundation platform 1.0 (Foundation.app). The issue lies in the Web3 authentication process where the signed message lacks a nonce, enabling a remote attacker to obtain sensitive information. The PT-2023-31463 entry attributes the weakness to the Message Handler component a...
CVE-2023-50059
Galxe platform 1.0 is affected by CVE-2023-50059. The issue stems from the Web3 authentication process producing a signed message without a nonce, enabling potential replay attacks and disclosure of sensitive information via remote access. No exploit details are provided in the documents, and rem...
CVE-2023-50053
An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation, the signed message lacks a nonce random number...
CVE-2023-50059
An issue in galxe.com Galxe platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Galxe, the signed message lacks a nonce random number...
CVE-2024-3052
Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway...
PuTTY < 0.81 Key Recovery Attack Vulnerability
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...
CVE-2024-31497
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...
CVE-2024-31497
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...
CVE-2024-1637 360 Javascript Viewer <= 1.7.12 - Missing Authorization to Plugin Settings Update
The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with subscriber access o...
Cross-site request forgery (CSRF)
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated attackers to modif...
Cross-site request forgery (CSRF)
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via...
Exploit for CVE-2024-25600
CVE-2024-25600 Exploit Tool 🚀 Description 📝 This tool 🛠️...