FreeBSD : tarsnap -- cryptographic nonce reuse (2c2d4e83-2370-11e0-a91b-00e0815b8da8)

Colin Percival reports : In versions 1.0.22 through 1.0.27 of Tarsnap, the CTR nonce value is not incremented after each chunk is encrypted. The CTR counter is correctly incremented after each 16 bytes of data was processed, but this counter is reset to zero for each new chunk. Note that since th...

tarsnap -- cryptographic nonce reuse

Colin Percival reports: In versions 1.0.22 through 1.0.27 of Tarsnap, the CTR nonce value is not incremented after each chunk is encrypted. The CTR counter is correctly incremented after each 16 bytes of data was processed, but this counter is reset to zero for each new chunk. Note that since the...

Microsoft Windows - NTLM Weak Nonce (MS10-012)

Microsoft Windows - NTLM Weak Nonce MS10-012 Windows SMB NTLM Authentication Weak Nonce Vulnerability Security Advisory Hernan Ochoa [email protected] - Agustin Azubel [email protected] Title: Windows SMB NTLM Authentication Weak Nonce Vulnerability Advisory ID: OCHOA-2010-0209...

Mod-X Cross Site Request Forgery / Cross Site Scripting

Got bored and decided to break the new website of the company I work for. Throughout I'll be dropping two new exploits that were chained to allow the changing of the administrative password of a default mod-x install. This is not a full review of mod-x, my main goal was just to break something, s...

CVE-2010-0554

The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for all authentication, which allows remote attackers to hijack web sessions or bypass authentication via a replay attack...

XTACACSD 4.1.2 Buffer Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'XTACACSD %q...

CVE-2009-0891

The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 7.0.0.1, 6.1 before Fix Pack 23 6.1.0.23,and 6.0.2 before Fix Pack 33 6.0.2.33 does not properly enforce 1 nonce and 2 timestamp expiration values in WS-Security bindings as stored in the...

asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerabilities

No description provided by source. =========================================================================================== o asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerability Software : asiCMS version alpha 0.208 Vendor : http://asicms.sourceforge.net/ Download :...

Wordpress MU < 1.3.2 active_plugins option Code Execution Exploit

No description provided by source. ?php / WordPress MU blog's options overwrite Credits : Alexander Concha alex at buayacorp dot com Website : http://www.buayacorp.com/ Advisory: http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html This exploit uses activeplugins option to...

Design/Logic Flaw

The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks...

CVE-2007-1533

The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks...

CVE-2007-1533

CVE-2007-1533 affects the Teredo implementation in Microsoft Windows Vista. The issue: the Teredo nonce is reused across different UDP ports within a solicitation session, enabling remote attackers to brute-force and spoof the nonce. Documents describe a network-exposed impact (remote spoofing po...

CVE-2007-1533

The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks...

CVE-2007-1049

Cross-site scripting XSS vulnerability in the wpexplainnonce function in the nonce AYS functionality wp-includes/functions.php for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and...

Cross site scripting

Cross-site scripting XSS vulnerability in the wpexplainnonce function in the nonce AYS functionality wp-includes/functions.php for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and...

httpd mod_digest nonce not verified

moddigest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret...

Moderate: Red Hat Security Advisory: apache, mod_ssl security update

Updated apache and modssl packages that fix various minor security issues and bugs in the Apache Web server are now available for Red Hat Enterprise Linux 2.1. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. The modssl module provides strong...

GLSA-200405-22 : Apache 1.3: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200405-22 Apache 1.3: Multiple vulnerabilities On 64-bit big-endian platforms, modaccess does not properly parse Allow/Deny rules using IP addresses without a netmask which could result in failure to match certain IP addresses...

Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1)

Four security vulnerabilities were fixed with the 1.3.31 release of Apache. All of these issues have been backported and applied to the provided packages. Thanks to Ralf Engelschall of OpenPKG for providing the patches. Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences from its...

Apache 1.3: Multiple vulnerabilities

Background The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards. Description On...