5770 matches found
RSA Key Manager SQL injection
SQL injection during data decryption...
md5 Encryption Decryption PHP Script - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/40381/info md5 Encryption Decryption PHP Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
CVE-2010-2011
Microsoft Dynamics GP uses a substitution cipher to encrypt the system password field and unspecified other fields, which makes it easier for remote authenticated users to obtain sensitive information by decrypting a field's contents...
With a simple asp Trojan back door, to find a asp Backdoor Trojan-exploit-warning-the black bar safety net
I waited for the side dishes yourself not write to asp of the horse, only with prawns to write, but the online streaming of all don't know is the several hand, it is inevitable that some ill-intentioned people will be on the inside plus the back door. Finally get to a shell and be someone stole h...
Unfixed XSS vulnerability at nc-designs.co.uk
Security researcher trueliarx, has submitted on 20/04/2010 a cross-site-scripting XSS vulnerability affecting nc-designs.co.uk, which at the time of submission ranked 1627525 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/07/2010. It is...
Ipswitch IMail Server - IMAP4 Server (IMail 11.01) Password Decryptor
No description provided by source. !/usr/bin/python Ipswitch IMail Server - IMAP4 Server IMail 11.01 Password Decryptor Tested on: Windows XP SP3 Windows version does not matter Description: So I reverse engineered the IMail password decryption function in IMailsec.dll, located at 0x00563130. In...
Research Finds Crystal Material For Chip Security
Researchers at Florida State University have discovered crystals that could lead to super security chips. The security chips could store encrypted data written two different ways — electrically and magnetically — making extraction of the data more complex and so more difficult for attackers to...
CORELAN-10-009 : Ipswitch IMAIL 11.01 multiple vulnerabilities (reversible encryption + weak ACL)
|------------------------------------------------------------------| | | | / / / / | | / / / / / / / / / / / | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 | | | |------------------------------------------------- EIP Hunters...
Ipswitch IMail Server本地权限提升漏洞
BUGTRAQ ID: 38109 Ipswitch IMail Server是Ipswitch协作组件中捆绑的一个邮件服务器。 默认下IMail允许Internet Guest账号以Full Control权限访问以下注册表项及其子项和值:HKEYLOCALMACHINE\SOFTWARE\Ipswitch\IMail。此外 IMail的IMailsec.dll库中所实现的口令解密算法是可逆的,本地用户可以在HKEYLOCALMACHINE\SOFTWARE \Ipswitch\IMail\Domains\domain name\Users下找到Password字符串,然后破解加密的口...
Ipswitch IMAIL 11.01 - Reversible Encryption + weak ACL
Ipswitch IMAIL 11.01 - Reversible Encryption + weak ACL |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 |...
Ipswitch IMAIL 11.01 reversible encryption + weak ACL
Exploit for unknown platform in category dos / poc ===================================================== Ipswitch IMAIL 11.01 reversible encryption + weak ACL ===================================================== 0x00 : Vulnerability Information + Product : IMail Server + Version : 11.01 + Vendor...
Ipswitch IMAIL 11.01 - Reversible Encryption + weak ACL
|------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 | | | |-------------------------------------------------...
MIT's Kerberos 5 Patched
A patch for the MIT’s Kerberos 5 implementation is to fix integer underflows in the functions for decrypting AES and RC4 ciphertexts. Read the full article. The H Security...
Integer overflow
Multiple integer underflows in the 1 AES and 2 RC4 decryption functionality in the crypto library in MIT Kerberos 5 aka krb5 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code by providing ciphertext with a...
CVE-2009-4212
Multiple integer underflows in the 1 AES and 2 RC4 decryption functionality in the crypto library in MIT Kerberos 5 aka krb5 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code by providing ciphertext with a...
CVE-2009-4212
CVE-2009-4212 affects MIT Kerberos 5 (krb5) crypto library, impacting the AES and RC4 decryption paths. Versions 1.3–1.6.3 and 1.7 before 1.7.1 are vulnerable to multiple integer underflows when processing ciphertext that is too short to be valid. This can cause a daemon crash (DoS) and, in some ...
CVE-2009-4212
Multiple integer underflows in the 1 AES and 2 RC4 decryption functionality in the crypto library in MIT Kerberos 5 aka krb5 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code by providing ciphertext with a...
krb: KDC integer overflows in AES and RC4 decryption routines (MITKRB5-SA-2009-004)
Multiple integer underflows in the 1 AES and 2 RC4 decryption functionality in the crypto library in MIT Kerberos 5 aka krb5 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code by providing ciphertext with a...
CVE-2009-4212
Multiple integer underflows in the 1 AES and 2 RC4 decryption functionality in the crypto library in MIT Kerberos 5 aka krb5 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code by providing ciphertext with a...
Uploadscript 1.0 Disclosure / Shell Upload
Exploit Title: Uploadscript v1.0. Multiple Vulnerabilities Date: 13-12-2009 Author: Mr.aFiR Software Link: http://www.phpstudio.hu/?action=verify&categorize=php&subaction=php&context=php&ID=75&verify=0 Version: N/A Tested on: GNU/LINUX CVE : N/A Code : N/A / \ / \ / \ | | |/ | | | Y Y | V\ / Y| |...