25 matches found
CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes
Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...
EUVD-2018-12587
Malware in sbrugna...
EUVD-2018-12588
Malware in sbrugna...
EUVD-2018-3438
Malware in sbrugna...
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption...
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption...
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption...
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption...
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption...
DomainMOD 4.11.01 ssl-provider-name Cross Site Scripting
Exploit Title : DomainMOD 4.11.01 and before - 'ssl-provider-name' Cross-Site Scripting Author Discovered By : Mohammed Abdul Raheem Company Name : TrekShield IT Solutions Date : 14-02-2019 Vendor Homepage : https://domainmod.org/ Software Information Link : https://github.com/DomainMod/DomainMod...
DomainMOD 4.11.01 - ssl-provider-name Cross-Site Scripting
DomainMOD 4.11.01 - ssl-provider-name Cross-Site Scripting Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version:...
DomainMOD 4.11.01 - 'ssl-provider-name' Cross-Site Scripting
Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to v4.11.01 CVE : CVE-2018-20009 A Stored Cross-site...
Default credentials
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field...
Default credentials
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field...
CVE-2018-20009
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field...
CVE-2018-20010
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field...
CVE-2018-20009
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field...
CVE-2018-20010
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field...
CVE-2018-11404
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter...
Design/Logic Flaw
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter...