27 matches found
CVE-2022-23334
The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE...
CVE-2019-16753
An issue was discovered in Decentralized Anonymous Payment System DAPS through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatur...
EUVD-2019-7290
Malware in sbrugna...
EUVD-2022-28414
Malicious code in bioql PyPI...
Quest KACE Systems Management Appliance 14.1 Unauthenticated Backup Upload
Seralys Security Advisory - Quest KACE SMA allows unauthenticated users to upload backup files to the system. While signature validation is implemented, weaknesses in the validation process can be exploited to upload malicious backup content that could compromise system integrity. Version 14.1 is...
CVE-2023-3325
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmscaddsite' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the...
CVE-2023-2987
The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wapdxopconfigset' function in versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to the plugin to change the...
PT-2023-22457 · WordPress · Wordapp
Name of the Vulnerable Software and Affected Versions: Wordapp plugin for WordPress versions up to, and including, 1.5.0 Description: The issue is related to an authorization bypass due to the use of an insufficiently unique cryptographic signature on the wa pdx op config set function. This allow...
CVE-2022-23334
The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE...
CVE-2022-23334
The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE...
Design/Logic Flaw
The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE...
CVE-2022-23334
The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE...
PT-2023-12716 · Ip Label · Ip-Label Newtest
Name of the Vulnerable Software and Affected Versions: Ip-label Newtest versions prior to 8.5R0 Description: The Robot application in Ip-label Newtest was discovered to use weak signature checks on executed binaries. This allows attackers to have write access and escalate privileges via replacing...
CVE-2022-23334
The CVE-2022-23334 vulnerability affects Ip-label Newtest’s Robot application prior to version 8.5R0. The issue is weak signature checks on binaries before execution, enabling an attacker to gain write access and escalate privileges by replacing NEWTESTREMOTEMANAGER.EXE. Affected software is Ip-l...
CVE-2022-23334
The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE...
ONLYOFFICE 授权问题漏洞
Ascensio System ONLYOFFICE is an office software from Ascensio System, Latvia. A security vulnerability exists in all versions of ONLYOFFICE prior to 2021-11-08, which stems from being affected by incorrect access control. Due to a weak default URL signature key, it is possible to forge a signed...
USN-4233-2 gnutls28 update
USN-4233-1 disabled SHA1 being used for digital signature operations in GnuTLS. In certain network environments, certificates using SHA1 may still be in use. This update adds the %VERIFYALLOWBROKEN and %VERIFYALLOWSIGNWITHSHA1 priority strings that can be used to temporarily re-enable SHA1 until...
CVE-2019-16753
An issue was discovered in Decentralized Anonymous Payment System DAPS through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatur...
CVE-2019-16753
An issue was discovered in Decentralized Anonymous Payment System DAPS through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatur...
CVE-2019-16753
CVE-2019-16753 concerns the Decentralized Anonymous Payment System (DAPS) and affects Private Instant Verified Transactions (PIVX) up to 3.4.0. The root cause is that the data to be signed is formed as a representation of strings rather than their binary representations, creating a weak signature...