
3660 matches found

Exploit DB
added 2013/10/22 12:0 a.m. | 26 views

ARRIS DG860A - NVRAM Backup Password Disclosure

!/usr/bin/env ruby ARRIS DG860A NVRAM Backup 'Compressor/Decompressor', it really does xor? Gleaned from scmix executable in firmware dump. Backup file is world readable without authentication and contains password information in plain text. box:arris-dev cosmo$ wget http://192.168.0.1/router.dat...

7 AI score
Exploits: 0
Packet Storm
added 2013/10/18 12:0 a.m. | 38 views

ARRIS DG860A NVRAM Backup Compressor / Decompressor

! /usr/bin/env ruby ARRIS DG860A NVRAM Backup 'Compressor/Decompressor', it really does xor? Gleaned from scmix executable in firmware dump. Backup file is world readable without authentication and contains password information in plain text. box:arris-dev cosmo$ wget http://192.168.0.1/router.da...

0.7 AI score
Exploits: 0
Tenable Nessus
added 2013/09/04 12:0 a.m. | 40 views

Amazon Linux AMI : busybox (ALAS-2012-103)

A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute...

7.5 CVSS | 7.8 AI score | 0.05422 EPSS
Exploits: 2 | References: 3
Metasploit
added 2013/08/23 8:38 p.m. | 52 views

OSX Manage Webcam

This module will allow the user to detect installed webcams with the LIST action, take a snapshot with the SNAPSHOT action, or record a webcam and mic with the RECORD action This module requires Metasploit: https://metasploit.com/download Current source:...

7.3 AI score
Exploits: 0
F5 Networks
added 2013/08/22 12:0 a.m. | 594 views

SOL14634 - SSL/TLS BREACH vulnerability CVE-2013-3587

Vulnerability Recommended Actions To mitigate this vulnerability, you can disable HTTP compression, or only enable HTTP compression for static content. For information about configuring HTTP compression, refer to the product guides for your specific product and version. Impact of action: Slower...

5.9 CVSS | 0.8 AI score | 0.06049 EPSS
Exploits: 1 | References: 12
ThreatPost
added 2013/08/05 10:55 a.m. | 11 views

BREACH Compression Attack Steals HTTPS Response Secrets

A serious attack against ciphertext secrets buried inside HTTPS responses has prompted an advisory from Homeland Security. The BREACH attack is an offshoot of CRIME, which was thought dead and buried after it was disclosed in September. Released at last week’s Black Hat USA 2013, BREACH enables a...

0.3 AI score
Exploits: 0 | References: 4
The Hacker News
added 2013/08/03 3:58 p.m. | 8 views

BREACH decodes HTTPS encrypted data in 30 seconds

A new hacking technique dubbed BREACH can extract login tokens, session ID numbers and other sensitive information from SSL/TLS encrypted web traffic in just 30 seconds. The technique was demonstrated at the Black Hat security conference in Las Vegas Presentation PDF & Paper by Gluck along with...

6.9 AI score
Exploits: 0
The Hacker News
added 2013/08/03 4:58 a.m. | 18 views

BREACH decodes HTTPS encrypted data in 30 seconds

A new hacking technique dubbed BREACH can extract login tokens, session ID numbers and other sensitive information from SSL/TLS encrypted web traffic in just 30 seconds. The technique was demonstrated at the Black Hat security conference in Las Vegas Presentation PDF & Paper by Gluck along with...

6.9 AI score
Exploits: 0
CERT
added 2013/08/02 12:0 a.m. | 621 views

BREACH vulnerability in compressed HTTPS

Overview By observing the length of compressed HTTPS responses, an attacker may be able to derive plaintext secrets from the ciphertext of an HTTPS stream. Description Angelo Prado of Salesforce.com reports:Extending the CRIME vulnerability presented at Ekoparty 2012, an attacker can target HTTPS...

5.9 CVSS | 5.9 AI score | 0.06049 EPSS
Exploits: 1 | References: 5
Tenable Nessus
added 2013/07/12 12:0 a.m. | 31 views

Oracle Linux 3 : libtiff (ELSA-2008-0863)

From Red Hat Security Advisory 2008:0863 : Updated libtiff packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff packages contain a library of...

6.8 CVSS | 7.7 AI score | 0.0413 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2013/07/12 12:0 a.m. | 41 views

Oracle Linux 5 / 6 : openssl (ELSA-2013-0587)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0587 advisory. - fix for CVE-2013-0169 - SSL/TLS CBC timing attack 907589 - fix for CVE-2013-0166 - DoS in OCSP signatures checking 908052 - enable compression on...

5 CVSS | 7.1 AI score | 0.35584 EPSS
Exploits: 1 | References: 4
Tenable Nessus
added 2013/07/12 12:0 a.m. | 26 views

Oracle Linux 4 : libtiff (ELSA-2008-0848)

From Red Hat Security Advisory 2008:0848 : Updated libtiff packages that fix various security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff packages contain a...

7.5 CVSS | 8.2 AI score | 0.05358 EPSS
Exploits: 2 | References: 3
Tenable Nessus
added 2013/07/12 12:0 a.m. | 20 views

Oracle Linux 3 / 4 : ncompress (ELSA-2006-0663)

From Red Hat Security Advisory 2006:0663 : Updated ncompress packages that address a security issue and fix bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The ncompress package contains file compression and decompression...

7.5 CVSS | 7.8 AI score | 0.05422 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2013/07/12 12:0 a.m. | 39 views

Oracle Linux 6 : libtiff (ELSA-2011-0452)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-0452 advisory. 3.9.4-1.el60.3 - Add fix for CVE-2009-5022 Resolves: 696143 Tenable has extracted the preceding description block directly from the Oracle Linux security...

6.8 CVSS | 7.8 AI score | 0.10796 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2013/07/05 12:0 a.m. | 129 views

Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : openssl vulnerability (USN-1898-1)

The TLS protocol 1.2 and earlier can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext content by observing length differences during a series of guesses in which a provided string potentially...

2.6 CVSS | 6.9 AI score | 0.04266 EPSS
Exploits: 1 | References: 2
OpenVAS
added 2013/07/05 12:0 a.m. | 43 views

Ubuntu: Security Advisory (USN-1898-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

2.6 CVSS | 5.6 AI score | 0.04266 EPSS
Exploits: 1 | References: 2
Ubuntu
added 2013/07/04 1:36 a.m. | 201 views

USN-1898-1: OpenSSL vulnerability

The TLS protocol 1.2 and earlier can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows machine-in-the-middle attackers to obtain plaintext content by observing length differences during a series of guesses in which a provided string potentially...

2.6 CVSS | 7.1 AI score | 0.04266 EPSS
Exploits: 1
Tenable Nessus
added 2013/06/29 12:0 a.m. | 34 views

CentOS 4 : libtiff (CESA-2008:0848)

Updated libtiff packages that fix various security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff packages contain a library of functions for manipulating Tagged...

7.5 CVSS | 8.2 AI score | 0.05358 EPSS
Exploits: 2 | References: 3
Tenable Nessus
added 2013/05/23 12:0 a.m. | 18 views

BitZipper Installed

BitZipper, a data compression tool, is installed on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid66554; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate", value:"2023/01/31"; scriptnameenglish:"BitZipper Installed";...

7 AI score
Exploits: 0 | References: 1
OpenVAS
added 2013/05/17 12:0 a.m. | 19 views

Fedora Update for openvpn FEDORA-2013-7552

Check for the Version of openvpn OpenVAS Vulnerability Test Fedora Update for openvpn FEDORA-2013-7552 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

2.6 CVSS | 6.4 AI score | 0.02813 EPSS
Exploits: 1 | References: 2