4 matches found
CVE-2019-10907
Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. An attacker able to capture cookies might be able to trivially bruteforce offline the passwords of associated users...
Abroad a Blog program 0day-vulnerability warning-the black bar safety net
Author: YJPS reprint please indicate the Recently bored to go abroad on the site wandering around and see a nice Blog system, you can register the user and assign a secondary directory. The more boring it is to detect the next, the following is the analysis of the results. Site: Vulnerability...
memberlist.php of vBulletin
vBulletin ALL versions Vendor status: notified 3/18/2; no response Within the first few lines of code in memberlist.php, the variable $letterbits is evaled. Because of the way PHP initializes variables, we can inject HTML, or JavaScript into the document. So by directing a user to, for example:...
SA2K01.txt
-----/ SA2K01 /-------------------------------/ SecurityApex.com /---- A quick fix against RFP2101 ------------------------------------/ Max / [email protected] Table of contents: -/ 1 / Information on the exploit -/ 2 / Fix for the exploit -/ 3 / Credits...