
5 matches found

RedhatCVE
added 2026/01/29 3:19 p.m. | 6 views

CVE-2025-41351

Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs...

CVSS: 6 | AI score: 5.9 | EPSS: 0.0001
Exploits: 0 | References: 1
NVD
added 2026/01/28 11:15 a.m. | 3 views

CVE-2025-41351

Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs...

CVSS: 6 | EPSS: 0.0001
Exploits: 0 | References: 1
NVD
added 2025/10/09 9:15 p.m. | 5 views

CVE-2025-35052

Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...

CVSS: 6.3 | EPSS: 0.00048
Exploits: 0 | References: 2
CERT
added 2023/02/28 12:0 a.m. | 357 views

TCG TPM2.0 implementations vulnerable to memory corruption

Overview: Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted commands to the module and...

CVSS: 7.8 | AI score: 8.7 | EPSS: 0.00692
Exploits: 0 | References: 9
seebug.org
added 2012/02/07 12:0 a.m. | 22 views

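Phpcms V9 uc api SQL injection vulnerability

1. When the ucenter service is not enabled, uckey is empty: define('UCKEY', pc_base::load_config('system', 'uckey')); 2. The deleteuser interface has a SQL injection vulnerability. Parameters encrypted with the UC algorithm are unaffected by GPC, and the programmer did not realize that $get['ids'] could be subject to SQL injection. public function deleteuser($get,$post) { pc_base::load_app_func('global', 'admin'); pc_base::load_app_class('messagequeue', 'admin' , 0); $ids =...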

AI score: 7
Exploits: 0