Thanks for backing me up on a number of things. Only one response below.
The site you linked mentioned 64bit block ciphers are vulnerable, even
in CTR mode. Obviously the birthday “paradox” applies. Regardless of
how right or wrong you are about Sweet32, this far from the most
important thing *implementors* should be worried about. Obviously if
they start with AES, then the birthday paradox issues are vastly
reduced. Any…
admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page[‘tab’] variable (aka the mode parameter).
Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case.
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.
That is wrong. CBC mode allows attacks such as “Sweet32”
(https://sweet32.info/), which is not possible with CTR mode.
Correct again, but too simple minded. Any encryption without integrity
protection does not provide confidentiality against an active attacker.
Using the wrong mode with a block cipher can render authentication
irrelevant in attacks on confidentiality.
An independent research uncovered a critical vulnerability in SwiftMailer that
could potentially be used by (unauthenticated) remote attackers to achieve
remote arbitrary code execution in the context of the web server user and
remotely compromise the target web…
This Joint Analysis Report (JAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE.