CVE-2026-25892

Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from a...

EUVD-2011-4237

Malware in sbrugna...

GHSA-9WRW-P9RM-R782 onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse.

In order to verify Signatures on Logoutrequests and LogoutResponses we use the verifySignature of the class XMLSecurityKey from the xmlseclibs library. That method end up calling opensslverify depending on the signature algorithm used. The opensslverify function returns 1 when the signature was...

VaultPress 1.89-1.9 - Unauthenticated RCE

The builtin WAF must be disabled or bypassed for successful exploitation. v1.89 - Improper usage of opensslverify - signature compare - timing attack unsafe v1.9 - signature compare - timing attack unsafe...

An error during signature verification can be treated as a successful verification.

…nse. In order to verify Signatures on Logoutrequests and LogoutResponses we use the verifySignature of the class XMLSecurityKey from the xmlseclibs library. That method end up calling opensslverify depending on the signature algorithm used. The opensslverify function returns 1 when the signature...

Moodle 2.0.x < 2.0.5 / 2.1.x < 2.1.2 Multiple Vulnerabilities

Binary data 8713.prm...

PHP 6.0 openssl_verify() Local Buffer Overflow PoC

No description provided by source. ?php // ================================================================================== // // PHP 6.0 opensslverify Local Buffer Overflow PoC // // Tested on WIN XP, Apache, PHP 6.0dev. Local Buffer Overflow. // // Local Buffer Overflow // Author: Pr0T3cT10n...

PHP 6.0 openssl_verify() Local Buffer Overflow PoC

Exploit for windows platform in category dos / poc // // ================================================================================== // // REGISTERS: // EAX 000003D0, ECX 00BBDB28, EDX 00BBDAD8 // EBX 00BBC940, ESP 0012FB5C UNICODE "AAA...." // ESI 00BBC940, EDI 00831D00, EBP 0012FBF0...

PHP 6.0 - &#039;openssl_verify()&#039; Local Buffer Overflow (PoC)

// // ================================================================================== // // REGISTERS: // EAX 000003D0, ECX 00BBDB28, EDX 00BBDAD8 // EBX 00BBC940, ESP 0012FB5C UNICODE "AAA...." // ESI 00BBC940, EDI 00831D00, EBP 0012FBF0 UNICODE "AAA...." // EIP 00410041 // //...

PHP 6.0 openssl_verify() Buffer Overflow

// // ================================================================================== // // REGISTERS: // EAX 000003D0, ECX 00BBDB28, EDX 00BBDAD8 // EBX 00BBC940, ESP 0012FB5C UNICODE "AAA...." // ESI 00BBC940, EDI 00831D00, EBP 0012FBF0 UNICODE "AAA...." // EIP 00410041 // //...

PHP 6.0 - openssl_verify() Local Buffer Overflow (PoC)

PHP 6.0 - opensslverify Local Buffer Overflow PoC // // ================================================================================== // // REGISTERS: // EAX 000003D0, ECX 00BBDB28, EDX 00BBDAD8 // EBX 00BBC940, ESP 0012FB5C UNICODE "AAA...." // ESI 00BBC940, EDI 00831D00, EBP 0012FBF0 UNICO...

CVE-2011-4302

mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the opensslverify function, which allows remote attackers to bypass validation via a crafted certificate...

Input validation

mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the opensslverify function, which allows remote attackers to bypass validation via a crafted certificate...

CVE-2011-4302

mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the opensslverify function, which allows remote attackers to bypass validation via a crafted certificate...