A new certificate-based proxy blind signature scheme is analyzed, which is proposed by Di Zhengyuan etc.. However, this scheme is insecure, because it can suffer from at least two types of public key replacement attack. That is, any one can replace the public key of the original singer or the public key of the proxy singer, and then forge a valid proxy signature on any message. In addition, the new certificate-based aggregate signature scheme propose by Chen Jianneng etc., is analyzed. The result showed that their signature scheme also can suffer from the public key replacement attack. Furthermore, the attack method in this paper has valuable reference to the construction of the type of certificate-based proxy signature.