
5771 matches found

Cvelist
added 2013/07/31 10:0 a.m. | 15 views

CVE-2013-0943

EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin...

AI score: 5.8 | EPSS: 0.00127
Exploits: 0 | References: 1
ThreatPost
added 2013/07/25 8:27 a.m. | 9 views

EFF: Forced Decryption Violates Fifth Amendment

If the government would like to force Jeffrey Feldman to decrypt the contents of the hard-drives and Dell computer found in his apartment, then they must offer him immunity and cannot use any of the information found on the devices as part of their case against him. That is what the Electronic...

AI score: 0.9
Exploits: 0
Tenable Nessus
added 2013/07/12 12:0 a.m. | 21 views

Oracle Linux 5 : libxslt (ELSA-2008-0649)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2008-0649 advisory. 1.1.17-2.0.1.el52.2 - Added libxslt-enterprise.patch and replaced doc/redhat.gif in tarball 1.1.17-2.el52.2 - fix various problems in libexslt RC4...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.22141
Exploits: 2 | References: 2
ThreatPost
added 2013/07/08 11:31 a.m. | 10 views

Cryptocat Key Generation Vulnerability Put Chats at Risk

Cryptocat, an open source encrypted Web-based chat application, is taking heat from numerous places after a vulnerability was discovered that put chats at risk for relatively simple decryption, experts say. Worse, says researcher Steve Thomas who found the flaw, is that it likely was present in t...

AI score: 0.2
Exploits: 0 | References: 3
myhack58
added 2013/07/06 12:0 a.m. | 11 views

Cherry enterprise CMS V3.1 SQL injection and arbitrary administrator account password change/delete vulnerability

Cherry enterprise website management system V3.1 SQL injection and arbitrary administrator account password modification/deletion vulnerability. Program download address: http://down.chinaz.com/soft/31227.htm Vulnerability file: newscategory.asp Set rs = server.CreateObject("adodb.recordset") sql ="select...

AI score: 1.1
Exploits: 0
RedHat Linux
added 2013/07/01 3:10 p.m. | 4 views

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

CVSS: 6.4 | AI score: 6.9 | EPSS: 0.09505
Exploits: 0 | References: 6
RedHat Linux
added 2013/06/18 2:41 p.m. | 0 views

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

CVSS: 6.4 | AI score: 6.9 | EPSS: 0.09505
Exploits: 0 | References: 6
ATTACKERKB
added 2013/06/16 5:55 p.m. | 5 views

CVE-2013-0148

The Data Camouflage aka FairCom Standard Encryption algorithm in FairCom c-treeACE does not ensure that a decryption key is needed for accessing database contents, which allows context-dependent attackers to read cleartext database records by copying a database to another system that has a certai...

CVSS: 7.1 | AI score: 5.6 | EPSS: 0.00224
Exploits: 0 | References: 2
Prion
added 2013/06/16 5:55 p.m. | 18 views

Default configuration

The Data Camouflage aka FairCom Standard Encryption algorithm in FairCom c-treeACE does not ensure that a decryption key is needed for accessing database contents, which allows context-dependent attackers to read cleartext database records by copying a database to another system that has a certai...

CVSS: 7.1 | AI score: 6.9 | EPSS: 0.00224
Exploits: 0 | References: 1
RedHat Linux
added 2013/06/12 4:36 p.m. | 2 views

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

CVSS: 6.4 | AI score: 6.9 | EPSS: 0.09505
Exploits: 0 | References: 6
securityvulns
added 2013/06/05 12:0 a.m. | 25 views

OpenVPN cryptography weakness

It's possible to inject and decrypt ciphertext in UDP mode...

CVSS: 2.6 | AI score: 1.7 | EPSS: 0.0145
Exploits: 1 | References: 1 | Affected Software: 1
RedHat Linux
added 2013/05/28 5:36 p.m. | 3 views

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

CVSS: 6.4 | AI score: 6.9 | EPSS: 0.09505
Exploits: 0 | References: 6
0day.today
added 2013/04/08 12:0 a.m. | 14 views

Google AD Sync Tool Vulnerability (GADS)

Exploit for multiple platform in category local exploits Due to a weakness in the way the Java encryption algorithm PBEwithMD5andDES has been implemented in the GADS tool all stored credentials can be decrypted into plain-text. This includes all of the encrypted passwords stored in any end-users...

AI score: 6.9
Exploits: 0
securityvulns
added 2013/04/08 12:0 a.m. | 26 views

Google AD Sync Tool - Exposure of Sensitive Information Vulnerability - Security Advisory - SOS-13-001

Sense of Security - Security Advisory - SOS-13-001 Release Date. 03-Apr-2013 Last Update. - Vendor Notification Date. 03-Sep-2012 Product. Google Active Directory Sync GADS Tool Platform. Windows, Linux, Solaris Affected versions. All versions up to 3.1.3 Severity Rating. High Impact. Exposure of...

AI score: 6.5
Exploits: 0
Kitploit
added 2013/04/02 12:38 a.m. | 18 views

[DynDNS Password Decryptor] Free Desktop Tool to Recover DynDNS Password

DynDNS Password Decryptor is a free desktop tool to instantly decode and recover DynDNS password. DynDNS - a popular Dynamic DNS management solution offering enterprise-level DNS performance and reliability. This tool automatically detects locally installed 'DynDNS Updater Client' and displays the...

AI score: 7.5
Exploits: 0
Kitploit
added 2013/03/22 11:12 p.m. | 5751 views

[Juniper Password Decryptor] Tool to Decode and Recover Juniper $9$ Passwords

Juniper Password Decryptor is a free desktop tool to instantly decode and recover Juniper $9$ Passwords. Juniper Router allows you to configure 2 types of passwords, Juniper $1$ Password: Here MD5 hash of the password is stored. It starts with $1$ and requires brute-force technique to recover the...

AI score: 7.5
Exploits: 0
ThreatPost
added 2013/03/14 7:37 p.m. | 12 views

Attack Exploits Weakness in RC4 Cipher to Decrypt User Sessions

It’s been more than 25 years since Ron Rivest invented his RC4 stream cipher, and after all that time it’s still being used widely, which is something of an achievement in the crypto world. However, for more than 15 years researchers have known about a weakness in RC4 that could enable an attacke...

AI score: 0.2
Exploits: 0 | References: 3
securityvulns
added 2013/03/11 12:0 a.m. | 71 views

Verax NMS Hardcoded Private Key (CVE-2013-1352)

Verax NMS Hardcoded Private Key CVE-2013-1352 I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducing...

AI score: 0.7 | EPSS: 0.00881
Exploits: 3
Tenable Nessus
added 2013/03/01 12:0 a.m. | 50 views

Ubuntu 12.04 LTS / 12.10 : openssl regression (USN-1732-2)

USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0166 and CVE-2012-2686 introduced a regression causing decryption failures on hardware supporting AES-NI. This update temporarily reverts the security fix pending further investigation. We apologize for the inconvenience. Adam...

CVSS: 5 | AI score: 6.4 | EPSS: 0.63145
Exploits: 2 | References: 4
Ubuntu
added 2013/02/28 6:8 p.m. | 66 views

USN-1732-2: OpenSSL regression

USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0169 and CVE-2012-2686 introduced a regression causing decryption failures on hardware supporting AES-NI. This update temporarily reverts the security fix pending further investigation. We apologize for the inconvenience. Original...

AI score: 6.6 | EPSS: 0.63145
Exploits: 2 | References: 1