5771 matches found
Updated konversation package fixes security vulnerability
Due to and out-of-bounds read issue in Konversation in The ECB Blowfish decryption function, a malicious client can cause either denial of service or disclosure of information from process memory by using an improperly formed message CVE-2014-8483...
SSL 3.0 MITM Attack
A vulnerability affecting most implementations of SSL 3.0 has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions CVE-2014-3566. The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak...
Apple Releases Security Updates for iOS and Apple TV
Apple has released security updates for iOS devices and Apple TV to address multiple vulnerabilities, one of which could allow an attacker to decrypt data protected by SSL. Updates available include: iOS 8.1 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later Apple ...
Memory corruption
Memory leak in the tlsdecryptticket function in t1lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service memory consumption via a crafted session ticket that triggers an integrity-check failure...
OpenSSL 3.0 Protocol Vulnerability
US-CERT is aware of a design vulnerability found in the way SSL 3.0 handles block cipher mode padding. Exploitation of this vulnerability may allow a remote attacker to decrypt and extract information from inside an encrypted transaction. US-CERT recommends users and administrators review TA14-29...
UBUNTU-CVE-2014-3567
Memory leak in the tlsdecryptticket function in t1lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service memory consumption via a crafted session ticket that triggers an integrity-check failure...
F5 Networks BIG-IP : SSL decryption vulnerabilities (SOL4944)
The remote BIG-IP device is missing a patch required by a security advisory. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution SOL4944. The text description of this plugin is C F5 Networks...
Apple Mac OS X Multiple Vulnerabilities -05 (Sep 2014)
Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GLSA-201408-10 : Libgcrypt: Side-channel attack
The remote host is affected by the vulnerability described in GLSA-201408-10 Libgcrypt: Side-channel attack A vulnerability in the implementation of ElGamal decryption procedures of Libgcrypt leaks information to various side-channels. Impact : A physical side-channel attack allows a remote...
Libgcrypt: Side-channel attack
Background Libgcrypt is a general purpose cryptographic library derived out of GnuPG. Description A vulnerability in the implementation of ElGamal decryption procedures of Libgcrypt leaks information to various side-channels. Impact A physical side-channel attack allows a remote attacker to fully...
Symantec Encryption Desktop 10.x < 10.3.2 MP3 DoS
The version of Symantec Encryption Desktop installed on the remote host is version 10.x prior to 10.3.2 MP3. It is, therefore, affected by a denial of service vulnerability. The flaw is due to a failure to properly limit decompressed file size during the decryption process of a specially crafted...
Symantec Encryption Desktop 10.x < 10.3.2 MP3 DoS
The version of Symantec Encryption Desktop installed on the remote Mac OS X host is version 10.x prior to 10.3.2 MP3. It is, therefore, affected by a denial of service vulnerability. The flaw is due to a failure to properly limit decompressed file size during the decryption process of a specially...
Free CryptoLocker Ransomware Decryption Tool Released
When I say Ransomware, the first nasty piece of malware strikes in the mind is CryptoLocker. A nasty strain of ransomware malware that threatened most of the people around the world by effectively destroying important files of the victims forever. CRYPTOLOCKER - A DEVASTATING THREAT CryptoLocker ...
YXcms伪造cookie绕过验证任一用户登录
简要描述: 源代码中有对cookie的加解密函数,可以伪造cookie,而且程序使用cookie进行权限验证,可以实现任一用户登录。 详细说明: Protected/apps/members/controller/indexController.php public function login if!$this-isPost//不使用post时 $cookieauth=getcookie'auth';//此时直接从cookie中获取认证信息,我们跟进getcookie函数看能否伪造cookie绕过认证 if!empty$this-auth...
Multi Gather DbVisualizer Connections Settings
DbVisualizer stores the user database configuration in dbvis.xml. This module retrieves the connections settings from this file and decrypts the encrypted passwords. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
Wireshark v1.10.8 - The world’s foremost network protocol analyzer
Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto and often de jure standard across many industries and educational institutions. Wireshark development thrives thanks to the...
Ipswitch IMail Server 7/8 Weak Password Encryption Weakness
No description provided by source. source: http://www.securityfocus.com/bid/10956/info Ipswitch IMail is reported to use a weak encryption algorithm when obfuscating saved passwords. A local attacker who has the ability to read the encrypted passwords may easily derive the plaintext password if t...
Novell Netware 4.1/4.11 SP5B Remote.NLM Weak Encryption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/482/info The encrypted passwords for Remote.NLM are remotely accessible to anyone with the ability to view SYS:System\LDRemote.NCF. The password encryption algorithm for Remote.NLM has been broken and can be decrypted wit...
Folder Lock 5.9.5 Weak Password Encryption Local Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30766/info Folder Lock is prone to an information-disclosure vulnerability because it stores credentials in an insecure manner. A local attacker can exploit this issue to obtain passwords used by the application, which ma...
Computer Associates Unicenter Asset Manager Stored Secret Data Decryption Weakness
No description provided by source. source: http://www.securityfocus.com/bid/7808/info It has been reported that Unicenter Asset Manager stores password information in a way that may be easily recovered. Because of this, an attacker may be able to gain access to potentially sensitive resources...