
5771 matches found

ThreatPost
added 2012/04/12 7:56 p.m., 6 views

Mind that signal

The pace of change in mobile spying applications is rapid. However, when it comes to intercepting phone calls in the field, phones that use the older 2G mobile communications standard are easier to crack. Often, organizations that want to carry out an attack will force a mobile device from 3G int...

AI score: 3.1
Exploits: 0

myhack58
added 2012/04/09 12:0 a.m., 19 views

SiteEngine 7.1 members to upload WEBSHELL vulnerability 0DAY-vulnerability warning-the black bar safety net

Author:hackdn Reprinted indicate the zend encoding and decryption is not complete, do not bother to look at the code, use a Tamper or the like of the plug-in test of the POST parameters, it's$sFile = $oFile'name';filtering too fool, looks like the 5th version after you modify a function. This is ...

AI score: 1.2
Exploits: 0

securityvulns
added 2012/04/02 12:0 a.m., 69 views

[ MDVSA-2012:038 ] openssl

Mandriva Linux Security Advisory MDVSA-2012:038 http://www.mandriva.com/security/ Package: openssl. Date: March 26, 2012. Affected: 2010.1, 2011., Enterprise Server 5.0. Problem Description: Multiple vulnerabilities have been found and corrected in...

CVSS: 5 | AI score: 7.8 | EPSS: 0.03102
Exploits: 0

RedHat Linux
added 2012/03/27 10:49 p.m., 37 views

Important: Red Hat Security Advisory: gnutls security update

Updated gnutls packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

CVSS: 5 | AI score: 7.6 | EPSS: 0.10166
Exploits: 2 | References: 4

Tenable Nessus
added 2012/03/16 12:0 a.m., 46 views

FreeBSD : OpenSSL -- CMS and S/MIME Bleichenbacher attack (60eb344e-6eb1-11e1-8ad7-00e0815b8da8)

The OpenSSL Team reports: A weakness in the OpenSSL CMS and PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding, also known as the million message attack (MMA). Only users of CMS, PKCS #7, or S/MIME decryption operations are affected. A successful attack needs on...

CVSS: 5 | AI score: 8 | EPSS: 0.02774
Exploits: 0 | References: 3

Prion
added 2012/03/13 3:12 a.m., 19 views

Information disclosure

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext...

CVSS: 5 | AI score: 6.7 | EPSS: 0.02774
Exploits: 0 | References: 23 | Affected Software: 1

OpenSSL
added 2012/03/12 12:0 a.m., 46 views

Vulnerability in OpenSSL - CMS and S/MIME Bleichenbacher attack

A weakness in the OpenSSL CMS and PKCS #7 code can be exploited using Bleichenbacher’s attack on PKCS #1 v1.5 RSA padding, also known as the million message attack (MMA). Only users of CMS, PKCS #7, or S/MIME decryption operations are affected; SSL/TLS applications are not affected by this issue. Found...

AI score: 7.6 | EPSS: 0.02774
Exploits: 0 | Affected Software: 1

UbuntuCve
added 2012/03/12 12:0 a.m., 36 views

CVE-2012-0884

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext...

CVSS: 5 | AI score: 7.1 | EPSS: 0.02774
Exploits: 0 | References: 3

securityvulns
added 2012/02/14 12:0 a.m., 35 views

NGS00193 Patch Notification: Trend Micro DataArmor and DriveArmor - Restricted Environment breakout, Privilege Escalation and Full Disk Decryption

Critical Vulnerability in DataArmor and DriveArmor 24 January 2012 Stuart Passe of NGS Secure has discovered a Critical vulnerability in DataArmor and DriveArmor. Impact: Restricted Environment breakout, Privilege Escalation and Full Disk Decryption Versions affected: DataArmor 3.0.10 or greater...

AI score: 1.2
Exploits: 0

RedHat Linux
added 2012/01/24 9:0 p.m., 4 views

openssl: uninitialized SSL 3.0 padding

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

CVSS: 5 | AI score: 7.2 | EPSS: 0.01046
Exploits: 0 | References: 4

RedHat Linux
added 2012/01/24 8:59 p.m., 1 views

openssl: uninitialized SSL 3.0 padding

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

CVSS: 5 | AI score: 7.2 | EPSS: 0.01046
Exploits: 0 | References: 4

ThreatPost
added 2012/01/09 6:8 p.m., 6 views

Did Apple, RIM and Nokia Help The Indian Government Spy On The U.S.?

Documents purportedly lifted from Indian government servers contain explosive allegations: that leading Western firms including Apple Corp., Research in Motion and Nokia provided the government with secret access to mobile devices their mobile operating systems- access that the Indian government...

AI score: 0.8
Exploits: 0 | References: 6

OpenSSL
added 2012/01/04 12:0 a.m., 37 views

Vulnerability in OpenSSL - DTLS Plaintext Recovery Attack

OpenSSL was susceptible to an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS by exploiting timing differences arising during decryption processing. Found by Nadhem Alfardan and Ken...

AI score: 7.5 | EPSS: 0.01251
Exploits: 0 | Affected Software: 1

Packet Storm
added 2012/01/03 12:0 a.m., 25 views

MyStore Tienda Virtual SQL Injection

Title: SQL Injection MyStore Tienda Virtual | Author: Arturo Zamora | email: [email protected] | Date: 02/01/2012 | Verified: yes | Risk: High | Published: | Script: MyStore...

AI score: 0.6
Exploits: 0

myhack58
added 2011/12/23 12:0 a.m., 15 views

shop363 online program really pass to kill the vulnerability 0day exploit-vulnerability warning-the black bar safety net

This app security is not very good, but one of the replace()function to write well, but did not find is how to write, and the injection of“space, select,%2 0, a+number, and//, etc. filter is empty. In searching out the loopholes in the statements a lot of trouble, I also do not write, directly to...

AI score: 7.7
Exploits: 0

myhack58
added 2011/12/13 12:0 a.m., 15 views

whmcs hosting management system 0day and fix-vulnerability warning-the black bar safety net

First register an id Submitted a ticket as follows...

AI score: 7.2
Exploits: 0

Metasploit
added 2011/11/25 1:39 a.m., 45 views

Multi Gather Mozilla Thunderbird Signon Credential Collection

This module will collect credentials from Mozilla Thunderbird by downloading the necessary files such as 'signons.sqlite', 'key3.db', and 'cert8.db' for offline decryption with third party tools. If necessary, you may also set the PARSE option to true to parse the sqlite file, which contains...

Exploits: 0

ThreatPost
added 2011/11/23 4:2 p.m., 16 views

Google Implements Forward Secrecy

Google is stepping up their security game in a big way for the second time this year: introducing a more secure browsing method known as forward secrecy in Gmail and a number of other Web-based services, according to a post on the GoogleOnlineSecurity blog. In recent months, the Silicon Valley...

Exploits: 0 | References: 4

Metasploit
added 2011/11/04 9:4 p.m., 52 views

Windows Gather McAfee ePO 4.6 Config SQL Credentials

This module extracts connection details and decrypts the saved password for the SQL database in use by a McAfee ePO 4.6 server. The passwords are stored in a config file. They are encrypted with AES-128-ECB and a static key. This module requires Metasploit: https://metasploit.com/download Current...

AI score: 0.1
Exploits: 0

OSV
added 2011/10/27 12:0 a.m., 9 views

DSA-2330-1 simplesamlphp - several

Bulletin has no description...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00274
Exploits: 0