14 matches found
EUVD-2021-30328
Malicious code in bioql PyPI...
CVE-2021-43393
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed...
CVE-2021-43393
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed...
CVE-2021-43392
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE...
Code injection
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE...
Code injection
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed...
CVE-2021-43392
CVE-2021-43392 affects STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN, exposing information about cryptographic secrets via the ECDSA signature algorithm on the Java Card 3.0.4 API. The issue is exploitable for STSAFE-J in closed configurations and for J-SIGN when signature verifica...
CVE-2021-43392
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE...
CVE-2021-43393
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed...
CVE-2021-43393
CVE-2021-43393 affects STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN, due to how ECDSA verification is exposed via the Java Card API (3.0.4). The issue allows abuse of signature verification and is exploitable for STSAFE-J in closed configurations and J-SIGN when verification is ac...
STMicroelectronics STSAFE-J 数据伪造问题漏洞
The STMicroelectronics STSAFE-J is a highly secure solution from STMicroelectronics Switzerland. It acts as a security element by providing authentication, data management and encryption services to local or remote hosts. Security vulnerabilities exist in the STMicroelectronics STSAFE-J that coul...
WAFW00F v1.0.0 - Detect All The Web Application Firewall!
WAFW00F identifies and fingerprints Web Application Firewall WAF products. How does it work? To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of potentially...
Maccms V8 后台Getshell #2(绕过过滤)
简要描述: 现在 V8版本 基本全部文件都有zend加密了。 而且还有360safe3.php保护 刚开始以为没搞头的,结果有个妹子发来微信。 妹子:在干嘛? 我:挖洞 妹子:一个人挖? 我:对啊! 妹子:我过去陪你一起挖吧! 我马上关机。擦,想跟老子抢乌云币?果断一个人作死开挖 详细说明: 注意下,这里@农村教师 WooYun: 苹果CMS全版本getshell打包第一弹 之前提交过类似的后台getshell,但是修补了。。。 不废话,直接可耻的绕过它 1. 目录浏览 maccms后台有个接口,但是限制了,只能访问目录template里的文件...
nginx explosive integer overflow vulnerability-vulnerability warning-the black bar safety net
Qihoo 3 6 0 security research team recently discovered nginx a serious vulnerability, the vulnerability exists in nginx ngxhttpcloseconnection function, the attacker can construct r-count is less than 0 or greater than 2 5 5 malicious HTTP request, the vulnerability could remotely execute arbitra...