1127 matches found
Foxit Reader 4.1.1 - Local Stack Buffer Overflow
Exploit Title : Foxit 4.1.1 Date : 13/11/2010 Author : Sud0 Bug found by : dookie Original POC : https://www.exploit-db.com/exploits/15514/ Software Link : http://www.foxitsoftware.com/downloads/index.php Version : 4.1.1 OS : Windows Tested on : XP SP3 En VirtualBox Type of vuln : EIP / SEH Thank...
21-Year-Old Matt Bergin Shines in U.S. Cyber Challenge, Wins Second Place
Quick Summary Matt Bergin, a 21-year-old sales representative by day, spends his nights hacking into network systems. Recognized Talent: Bergin's skills led to an invitation to the U.S. Cyber Challenge, organized by the White House and U.S. Navy. Impressive Achievement: He secured 2nd place in th...
Verizon DBIR Challenge Clue #2
This year’s Verizon Data Breach Investigations Report DBIR challenge is well and truly underway. I see where the public contestants are stumped so, here’s a clue to nudge them along: “The “F+” is one of those things that seem like something important at first but turns out to be nothing.” Keep...
Verizon DBIR Cryptography Challenge: Here's The First Clue
So, according to a little birdie tweeting in the night, the 2010 Verizon Data Breach Investigations Report DBIR contains another encryption challenge that leads to actual cash prizes. Last year, after I dropped a big clue here, Grant Stavely, Chris Eng and others decoded the hidden message on the...
Facebook Employees Crack Admin Security
Senior engineers at Facebook responsible for SRE site reliability engineering challenged Facebook employees to try to compromise him and gain access to Facebook’s administrative system via information obtained from him. They succeeded. Read the full article. TechCrunch...
FreeBSD Security Advisory (FreeBSD-SA-10:05.opie.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-10:05.opie.asc SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Cyber Challenge Tests Nation's Top Hackers
CNN reports on the U.S. Cyber Challenge, which is aimed at identifying young people with exceptional computer skills and inspiring them to join the country’s woefully understaffed ranks of cybersecurity specialists...
SEIL/B1 authentication issue
Overview SEIL/B1 contains an issue in the implementation of the PPP Access Concentrator PPPAC function, which may allow replay attacks to be performed during the authentication process. The PPP Access Concentrator PPPAC function within SEIL/B1 contains an issue in the CHAP and MS-CHAP-V2...
SuSE 11 Security Update : Evolution (SAT Patch Number 778)
camel's NTLM SASL authentication mechanism as used by evolution did not properly validate server's challenge packets. CVE-2009-0582 This update also includes the following non-security fixes : - Fixes a critical crasher in mailer component. - Fixes creation of recurrence monthly items in GroupWis...
SuSE9 Security Update : imap (YOU Patch Number 9885)
This update fixes a logical error in the challenge response authentication mechanism CRAM-MD5. Due to this mistake a remote attacker can gain access to the IMAP server as arbitrary user. CVE-2005-0198 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C...
Hidden message in Verizon breach report
Last week, after I dropped clues that the cover of this year’s Verizon Data Breach Investigations Report contained a cryptographic challenge, several readers immediately jumped on the challenge. In this blog post, Veracode’s Chris Eng provides a fun walk-through of how he decoded the pattern of 1...
Mandrake Security Advisory MDVSA-2009:078 (evolution-data-server)
The remote host is missing an update to evolution-data-server announced via advisory MDVSA-2009:078. OpenVAS Vulnerability Test $Id: mdksa2009078.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:078 evolution-data-server Authors: Thomas Reinke...
evolution-data-server: insufficient checking of NTLM authentication challenge packets
The ntlmchallenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server aka evolution-data-server 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount o...
evolution-data-server: insufficient checking of NTLM authentication challenge packets
The ntlmchallenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server aka evolution-data-server 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount o...
evolution-data-server: insufficient checking of NTLM authentication challenge packets
The ntlmchallenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server aka evolution-data-server 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount o...
DEBIAN-CVE-2009-0582
The ntlmchallenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server aka evolution-data-server 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount o...
System: missing public key challenge proof verification in the TPS component
The verifyProof function in the Token Processing System TPS component in Red Hat Certificate System RHCS 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileg...
smb-security-mode NSE Script
Returns information about the SMB security level determined by SMB. Here is how to interpret the output: User-level authentication: Each user has a separate username/password that is used to log into the system. This is the default setup of pretty much everything these days. Share-level...
FreeBSD Security Advisory (FreeBSD-SA-06:12.opie.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:12.opie.asc ADV FreeBSD-SA-06:12.opie.asc OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft In...
FreeBSD Security Advisory (FreeBSD-SA-06:12.opie.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:12.opie.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...