5770 matches found
Fedora Update for opensc FEDORA-2010-19193
Check for the Version of opensc OpenVAS Vulnerability Test Fedora Update for opensc FEDORA-2010-19193 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
Fedora Update for opensc FEDORA-2010-19192
Check for the Version of opensc OpenVAS Vulnerability Test Fedora Update for opensc FEDORA-2010-19192 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
[SECURITY] Fedora 14 Update: opensc-0.11.13-6.fc14
OpenSC is a package for for accessing smart card devices. Basic functionality e.g. SELECT FILE, READ BINARY should work on any ISO 7816-4 compatible smart card. Encryption and decryption using private keys on the smart card is possible with PKCS 15 compatible cards, such as the FINEID Finnish...
AttacheCase may insecurely load executable files
Overview AttacheCase may use unsafe methods for determining how to load executables .exe. AttacheCase is a file encryption/decryption software. AttacheCase loads certain executables .exe when decrypting files, if certain settings are applied. AttacheCase contains an issue with the file search pat...
JVN#02175694: AttacheCase may insecurely load executable files
AttacheCase is a file encryption/decryption software. AttacheCase loads certain executables .exe when decrypting files, if certain settings are applied. AttacheCase contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code wi...
New GpCode Variant Demanding Cash For Decryption Key
There’s a new version of the venerable GpCode ransomware attack making the rounds right now, demanding payments of $120 in order to decrypt files on infected PCs. This version, which has been active for several days now, is different from previous variants in that it overwrites the original files...
CVE-2010-3868
Red Hat Certificate System RHCS 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authorit...
Authentication flaw
Red Hat Certificate System RHCS 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authorit...
CVE-2010-3868
Red Hat Certificate System RHCS 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authorit...
System: unauthenticated user can request SCEP one-time PIN decryption
Red Hat Certificate System RHCS 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authorit...
MS10-070 ASP.NET Auto-Decryptor File Download Exploit
Exploit for windows platform in category remote exploits ===================================================== MS10-070 ASP.NET Auto-Decryptor File Download Exploit ===================================================== !/usr/bin/ruby -w aspxadchotextattack.rb Copyright c 2010 AmpliaSECURITY. All...
Microsoft ASP.NET - Padding Oracle File Download (MS10-070)
!/usr/bin/ruby -w aspxpochotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved http://www.ampliasecurity.com Agustin Azubel - [email protected] MS10-070 ASPX proof of concept Decrypt data using Vaudenay's cbc-padding-oracle-side-channel Encrypt data using Rizzo-Duong CBC-R...
Buffer overflow
Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services IIS, provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State aka VIEWSTATE for...
CVE-2010-3332
Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services IIS, provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State aka VIEWSTATE for...
CVE-2010-2306
The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle MITM attack...
CVE-2010-2306
The CVE-2010-2306 entry concerns the default installations of Sourcefire 3D Sensor 1000/2000/9900 and Defense Center 1000 sharing the same static private SSL keys across devices/installations. This key reuse enables a remote attacker to perform a man-in-the-middle and decrypt SSL traffic. The pro...
ZDI-10-107: Multiple Sourcefire Products Static Web SSL Keys Vulnerability
ZDI-10-107: Multiple Sourcefire Products Static Web SSL Keys Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-107 June 10, 2010 -- Affected Vendors: Sourcefire -- Affected Products: Sourcefire 3D Sensor 1000 Sourcefire 3D Sensor 2000 Sourcefire 3D Sensor 9900 Sourcefire Defense...
Multiple Sourcefire Products Static Web SSL Keys Vulnerability
This vulnerability allows remote attackers to decrypt secure socket layer SSL communications directed to multiple Sourcefire products. The specific flaw exists within the reuse of private SSL keys for multiple devices and installations. The keypair is stored in /etc/ssl/server.crt and...
Adobe Flash Reader - Live Malware
Adobe Flash Reader - Live Malware Exploit-DB Note - Live POC originally found at http://qoop.org/security/poc/cve-2010-1297/ File is malicious! Taken from the wild! Beware! To decrypt the file: openssl aes-256-cbc -d -a -in adobe-0day-2010-1297.tar.enc -out adobe-0day-2010-1297.tar Password is...
Adobe Flash / Reader - Live Malware
Exploit-DB Note - Live POC originally found at http://qoop.org/security/poc/cve-2010-1297/ File is malicious! Taken from the wild! Beware! To decrypt the file: openssl aes-256-cbc -d -a -in adobe-0day-2010-1297.tar.enc -out adobe-0day-2010-1297.tar Password is "edb" without the quotes. NOTE: This...