Showing 1 - 11 of 11

Files from Scott Arciszewski

OpenCart Failed Fix: Posted Jan 21, 2016; Authored by Scott Arciszewski; OpenCart failed to properly address a directory traversal vulnerability.; tags | advisory; SHA-256 | 70f25d17535ccb3b77e499f6d07f084657b709f051cdb9e0bdf5b5143c82a422; Download | Favorite | View

Joomla Cryptography Fails: Posted Nov 10, 2015; Authored by Scott Arciszewski; Joomla suffers from multiple cryptography implementation failures.; tags | advisory; SHA-256 | 61b4876ccf507a048a68db4b5ed50b628aece6c0f38d64eb29d8dab27804ced1; Download | Favorite | View

Anchor CMS PHP Object Injection: Posted Aug 27, 2015; Authored by Scott Arciszewski; Anchor CMS suffers from a PHP object injection vulnerability.; tags | advisory, php; advisories | CVE-2015-5687; SHA-256 | 01360b0ef87b8be3a5a7368eac27d098cc885b14e087ad44e9eb0a5154ed8a8b; Download | Favorite | View

Tutanota Encrypted Email Missing MAC: Posted Jun 21, 2015; Authored by Scott Arciszewski; The symmetric-key encryption used in Tutanota is vulnerable to ciphertext malleability (a.k.a. arbitrary bit rewriting), since they fail to authenticate their ciphertexts.; tags | advisory, arbitrary; SHA-256 | 00f4d00f46d790844e3f65ca4d008f1940000c4fbc31fee4ddcc2012120e85ae; Download | Favorite | View

RNCryptor Timing Issue: Posted Jun 10, 2015; Authored by Scott Arciszewski; RNCryptor suffers from a timing side-channel attack and an issue where use of the == operator can treat strings as floats, depending on the input.; tags | advisory; SHA-256 | 91d75b866237d8e9f6b88cc485195d990c8576d0129faf8f6f7acc349ce56cd7; Download | Favorite | View

Laravel Framework PHP Object Injection: Posted Apr 20, 2015; Authored by Scott Arciszewski; Laravel Framework versions since 4.1 suffer from a PHP objection injection vulnerability when encryption is turned off.; tags | advisory, php; SHA-256 | 77f22e2a8757288c75c6f2b204358f81cc4f63d582e81dad74eced0ce382209a; Download | Favorite | View

Slim PHP Framework 2.5.0 Weak Cryptography: Posted Mar 2, 2015; Authored by Scott Arciszewski; Slim PHP Framework versions 2.5.0 and below suffer weak cryptographic implementations.; tags | advisory, php; SHA-256 | 7304a663661117ba1736dac58d918a2592aaf4e52793385fbe106cd9354f2843; Download | Favorite | View

WordPress Failed Randomness: Posted Feb 12, 2015; Authored by Scott Arciszewski; All versions of WordPress fail to implement a cryptographically secure pseudorandom number generator.; tags | advisory; advisories | CVE-2014-6412; SHA-256 | 170595a1bbe7e09d77645ac1e3ed66ad3b2cd04dd4cb157b616751c9edc794df; Download | Favorite | View

Xornic Contact Us Form CAPTCHA Bypass / XSS: Posted Jun 9, 2014; Authored by Scott Arciszewski; Xornic Contact Us form suffers from CAPTCHA bypass and cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss, bypass; SHA-256 | f7f6f5c25b99917ad641595ded915f613025726e7ddbd6dc32534152425bf990; Download | Favorite | View

CodeIgniter / Kohana PHP Object Injection / Timing Attack: Posted May 13, 2014; Authored by Scott Arciszewski; CodeIgniter versions 2.1.4 and below and Kohana versions 3.2.3 and below and 3.3.2 and below suffer from PHP object injection, a timing attack, and a remote code execution vulnerability.; tags | advisory, remote, php, code execution; SHA-256 | d357c2844cd74c3664747fff941d56d0608de1bd1ced834e031486b9328c8121; Download | Favorite | View

Pastebin CAPTCHA Bypass: Posted Nov 28, 2013; Authored by Scott Arciszewski; Pastebin suffers from a CAPTCHA bypass vulnerability.; tags | exploit, bypass; SHA-256 | 56392168410383eae1397d73dcb93faad1595c25e457f29f5a49e99776da26ab; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days