12 matches found
EUVD-2024-34810
Malicious code in bioql PyPI...
CVE-2024-34454
Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA, because there is a secondary verification mechanism that only checks whether a CA is known and ignores the CA details and signature and because is accepted as a Common Name...
CVE-2020-9207
CVE-2020-9207 describes an improper authentication vulnerability in Huawei CloudEngine products. A module fails to verify input files, allowing attackers to craft malicious files to bypass verification and potentially disrupt normal service. Connected sources confirm the issue affects Huawei Clou...
Remote code execution
Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller BMC program of INSPUR server is weak in checking the firmware and lacks the signature verification mechanism, the attacker who obtains the...
CVE-2020-26122
Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller BMC program of INSPUR server is weak in checking the firmware and lacks the signature verification mechanism, the attacker who obtains the...
Remote Code Execution
friendsoftypo3/mediace is vulnerable to remote code execution. An attacker who has access to Extbase plugin or module action within a TYPO3 installation is able to execute arbitrary code by injecting arbitrary data with a valid cryptographic MAC. The vulnerability exists due to an insecure intern...
Sensitive Information Disclosure
It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code HMAC-SHA1 and can lead to various attack chains as described below...
Code injection
On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints...
With Yahoo and Paypal is related to two distinct vulnerabilities-vulnerability warning-the black bar safety net
! This article share with Yahoo and Paypal is related to two unique vulnerability, one for Yahoo IDOR vulnerability insecure direct object references, another for Paypal, DoS vulnerabilities, two vulnerabilities found are for the Indian security engineers, which found that principles and ideas ar...
CVE-2017-3204
The Go SSH library x/crypto/ssh by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism...
PayPal Inc BB #127 - 2FA Bypass Vulnerability
Document Title: =============== PayPal Inc BB 127 - 2FA Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1903 Release Date: ============= 2016-08-12 Vulnerability Laboratory ID VL-ID: ==================================== 1903 Common...
Cisco Unified IP Phones Multiple Vulnerabilities (cisco-sa-20110601-phone)
According to its self-reported version, the version of the Cisco Unified IP Phone software running on the remote device has the following vulnerabilities : - Cisco Unified IP Phones 7900 series are prone to privilege escalation vulnerabilities. An authenticated attacker could exploit this issue t...