Amazon
Monthly
Amazon::Credentials for Perl versions through 1.2.0 uses the predictable built-in rand() function to generate 64-bit encryption keys for credential obfuscation, allowing attackers to recover stored credentials through key prediction rather than cryptographic attack. Affects Perl applications that depend on this library to protect AWS credentials and similar secrets in memory or serialized objects. No authentication required; exploitation requires access to the encrypted credential object and knowledge of the rand() seed.
An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Amazon::Credentials for Perl versions through 1.2.0 uses the predictable built-in rand() function to generate 64-bit encryption keys for credential obfuscation, allowing attackers to recover stored credentials through key prediction rather than cryptographic attack. Affects Perl applications that depend on this library to protect AWS credentials and similar secrets in memory or serialized objects. No authentication required; exploitation requires access to the encrypted credential object and knowledge of the rand() seed.
An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.