21 matches found
CVE-2025-48931
The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities including rainbow tables with low computational effort...
CVE-2025-48931
The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities including rainbow tables with low computational effort...
Malwarebytes acquires Cyrus Security
Today, I am absolutely thrilled to share some exciting news: Malwarebytes is officially welcoming Cyrus Security into our family. This acquisition signifies an exciting chapter in our journey, and I wanted to share why this development is so special, and what it means for the millions who trust...
WordPress User Registration 3.0.2 Arbitrary File Upload
Description: User Registration = 3.0.2 – Authenticated Subscriber+ Arbitrary File Upload Affected Plugin: User Registration – Custom Registration Form, Login Form And User Profile For WordPress Plugin Slug: user-registration Affected Versions: = 3.0.2 CVE ID: CVE-2023-3342 CVSS Score: 9.9 Critica...
The Software-Defined Car
Developers are starting to talk about the software-defined car. For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go...
Number of prizes math is wrong
Handle cmichel Vulnerability details The math described in Splitting the prizes and implemented in DrawCalculator.numberOfPrizesForIndex seems to be wrong. Assuming a bit range of 4 16 possibilities per position and cardinality of 8. Note that degree is determined by the first position where it...
CVE-2020-25105
eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token createHash has only a million possibilities...
CVE-2020-10780
Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affect...
CVE-2020-10780
Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affect...
Input validation
Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affect...
Exploits and Security Tools Framework: EaST Framework
Exploits and Security Tools Framework Pentest framework environment is the basis of IT security specialist’s toolkit. This software is essential as for learning and improving of knowledge in IT systems attacks and for inspections and proactive protection. The need of native comprehensive open...
Microsoft Lync Server / Skype for Business crossite scripting
Multiple crossite scripting possibilities...
Synology Download Station crossite scripting
Few crossite scripging possibilities...
PT-2017-6668 · Nts +3 · Ntp +3
Name of the Vulnerable Software and Affected Versions: ntp versions 4.2.8px through 4.2.8p2-RC2 ntp versions 4.3.x through 4.3.12 Description: The issue is related to the generation of MD5 keys with insufficient entropy on big endian machines under specific conditions. This might allow remote...
HP AssetManager crossite scripting
Multiple crossite scripting possibilities...
eDisplay Personal FTP server 1.0.0 Multiple Post-Authentication Crash
Exploit for windows platform in category dos / poc =========================================================================== eDisplay Personal FTP server 1.0.0 Multiple Post-Authentication Crash PoC =========================================================================== Title: eDisplay...
RSA WebID crossite scripting
Multipel crossite scripting possibilities...
Unfixed XSS vulnerability at www.endlesspossibilities.us
Security researcher BackDoor, has submitted on 13/10/2007 a cross-site-scripting XSS vulnerability affecting www.endlesspossibilities.us, which at the time of submission ranked 1603020 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 01/11/2007...
waraxe-2007-SA051.txt
waraxe-2007-SA051 - Sql Injection in 2z Project 0.9.5 ==================================================================== Author: Janek Vind "waraxe" Date: 23. May 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-51.html Target software description: Vulnerable: 2z Project 0.9.5...
Multiple Windows ASN.1 bugs
Heap corruptions, heap buffer overflows open possibilities for attack via different protocols and applications...