18 matches found
Quantum Secure Blind Decryption with Two Users
We propose two types of protocols for quantum secure blind decryption, involving two users and servers. User 1 holds the encrypted ciphertext. The servers store several indexed keys including the key encrypting the ciphertext. User 2 aims to obtain the decrypted text. The protocols are designed t...
EUVD-2017-5936
Malware in sbrugna...
RockyLinux 9 : mod_auth_openidc (RLSA-2025:9396)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:9396 advisory. mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled (CVE-2025-3891) Tenable has extracted the preceding description block directly fr...
CVE-2025-54174
QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. A malicious attacker can craft a special website which, when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...
The vulnerability in the /goform/form2lansetup.cgi microprogramming system of D-Link DIR-816 allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability in the /goform/form2lansetup.cgi microprogramming system of D-Link DIR-816 relates to the issue of data being written outside the buffer in memory during the processing of the IP parameter. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality,...
The vulnerability of the Remote_help-cgi file in the microprogramming software for network storage devices Zyxel NAS326 and NAS542 allows an intruder to execute arbitrary code.
The vulnerability of the Remote_help-cgi file in the microprogramming software for network storage devices Zyxel NAS326 and NAS542 exists due to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor ...
The vulnerability of the formexeCommand() function in Tenda i21 router microprogramming software allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the formexeCommand function in Tenda i21 router microprogramming software is related to the operation that occurs outside the buffer in memory when processing the cmdinput parameter. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality,...
SUSE CVE-2018-5704
Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...
WAVLINK WL-WN579G3 and WL-WN575A3 Information Disclosure Vulnerability
WAVLINK WL-WN579G3 and WL-WN575A3 are both wireless network signal extenders from China-based RuiYin Technology WAVLINK. A security vulnerability exists in the backup function in WAVLINK WL-WN579G3 - M79X3.V5030.180719 version and WL-WN575A3 - RPT75A3.V4300.180801 version. An attacker can exploit...
CVE-2018-5704
Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...
Electroneum: Hackerone [Mainsite Vulnerability]
96 Hello, I was checking out the website Electroneum – Crowdfunding Token Sale – Electroneum – the mobile based cryptocurrency for any vulnerabilities through hackerone. I would like to submit a vulnerability for consideration towards a bounty. Currently you have the file...
Brave Software: Access to local file system using javascript
Hey, the browser can access the local files using iframes with a local HTML file. This is very normal and often used for local web development, but JavaScript shouldn't be able to get the content of that iframe because this can be used to post the contents to the attacker's server. Something else I...
FS-NyarL - Network Takeover & Forensic Analysis Tool
NyarL is Nyarlathotep, a mythological chaotic deity of the writer H.P. Lovecraft's cosmogony. It represents the Crawling Chaos, and FS-NyarL is The Crawling Chaos of Cyber Security: a network takeover & forensic analysis tool - useful for advanced PenTest tasks & for fun and profit - but use it at...
[FS-NyarL] A network takeover & forensic analysis tool
NyarL is Nyarlathotep, a mythological chaotic deity of the writer H.P. Lovecraft's cosmogony. It represents the Crawling Chaos, and FS-NyarL is The Crawling Chaos of Cyber Security: a network takeover & forensic analysis tool - useful for advanced PenTest tasks & for fun and profit - but use it at...
CVE-2013-2686
main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which...
CVSTrac 2.0.0 Post-Attack Database Resurrection DoS Exploit
Exploit for cgi platform in category web applications. CVSTrac 2.0.0 Post-Attack Database Resurrection DoS Exploit. cvstrack-resurrect.pl -- CVSTrac Post-Attack Database...
CVSTrac 2.0.0 - Defacement Denial of Service
cvstrack-resurrect.pl -- CVSTrac Post-Attack Database Resurrection Copyright c 2007 Ralf S. Engelschall use DBI; requires OpenPKG perl-dbi use DBD::SQLite; requires OpenPKG perl-dbi, perl-dbi::withdbdsqlite=yes use DBIx::Simple; requires OpenPKG perl-dbix use Date::Format; requires OpenPKG...
CVE-2003-1084
Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field...