1413 matches found
CVE-2016-0883
CVE-2016-0883 affects Pivotal Cloud Foundry Ops Manager prior to 1.5.14 and 1.6.x prior to 1.6.9. The issue is that the same cookie-encryption key was used across different customers’ installations, enabling remote attackers to bypass session authentication by leveraging knowledge of the key from...
Nagios Network Analyzer 2.2.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications Nagios Network Analyzer Multiple Vulnerabilities Affected versions: Nagios Network Analyzer = 2.2.0 PDF: http://www.security-assessment.com/files/documents/advisory/NagiosNetworkAnalyzerAdvisory.pdf +-----------+ |Description| +-----------+ Th...
[SECURITY] Fedora 23 Update: cryptobone-1.0.5-1.fc23
The Crypto Bone is a secure messaging system that makes sure a user's email is always encrypted without burdening the user with the message key management. Based on a GUI and a separate daemon, both ease-of-use and security are assured by a novel approach to encryption key management. While the...
[SECURITY] Fedora 24 Update: cryptobone-1.0.5-1.fc24
The Crypto Bone is a secure messaging system that makes sure a user's email is always encrypted without burdening the user with the message key management. Based on a GUI and a separate daemon, both ease-of-use and security are assured by a novel approach to encryption key management. While the...
Shiro RememberMe 1.2.4 deserialize the result of command execution vulnerability
Author: rungobier 知道创宇404安全实验室 概述 Apache Shiro 在 Java 的权限及安全验证框架中占用重要的一席之地,在它编号为550的 issue 中爆出严重的 Java 反序列化漏洞。下面,我们将模拟还原此漏洞的场景以及分析过程。 0x01 漏洞场景还原 首先,需要获取 Apache Shiro 存在漏洞的源代码,具体操作如下: git clone https://github.com/apache/shiro.git git checkout shiro-root-1.2.4 cd ./shiro/samples/web...
PT-2016-3363 · Apache +1 · Apache Shiro +1
Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.2.5 Description: The issue is related to the "remember me" feature in Apache Shiro, where the lack of a configured cipher key allows remote attackers to execute arbitrary code or bypass intended access...
CVE-2016-1404
CVE-2016-1404 affects Cisco UCS Invicta software, including Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System. The root cause is a single hardcoded GnuPG encryption key used across different customer installations, enabling remote attackers to defeat cryptographic prote...
CVE-2016-2333
SysLINK SL-1000 Machine-to-Machine M2M Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another...
CVE-2016-2333
SysLINK SL-1000 Machine-to-Machine M2M Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another...
CVE-2016-2333
The CVE-2016-2333 issue affects the SysLINK SL-1000 M2M Modular Gateway family, with firmware prior to 01A.8, where a single hard-coded cryptographic key is reused across different installations. This flaw can allow an attacker with knowledge of the key to defeat cryptographic protections, potent...
BlackBerry CEO Defends Lawful Access Principles, Supports Phone Hack
BlackBerry’s CEO made the company’s stance on lawful access requests clear this week and is defending actions to provide Canadian law enforcement with what it needed to decrypt communications between devices. The company’s CEO John Chen penned a statement on Monday, reiterating that one of...
Cisco Unified Communications Manager Information Disclosure Vulnerability (cisco-sa-20160208-ucm)
Cisco Unified Communications Manager CUCM is prone to an information disclosure vulnerability. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-lat...
CVE-2016-1319
Cisco Unified Communications Manager aka CallManager 9.12.10000.28, 10.52.10000.5, 10.52.12901.1, and 11.01.10000.10; Unified Communications Manager IM & Presence Service 10.52; Unified Contact Center Express 11.01; and Unity Connection 10.52 store a cleartext encryption key, which allows local...
Code injection
Cisco Unified Communications Manager aka CallManager 9.12.10000.28, 10.52.10000.5, 10.52.12901.1, and 11.01.10000.10; Unified Communications Manager IM & Presence Service 10.52; Unified Contact Center Express 11.01; and Unity Connection 10.52 store a cleartext encryption key, which allows local...
CVE-2016-1319
Cisco Unified Communications Manager aka CallManager 9.12.10000.28, 10.52.10000.5, 10.52.12901.1, and 11.01.10000.10; Unified Communications Manager IM & Presence Service 10.52; Unified Contact Center Express 11.01; and Unity Connection 10.52 store a cleartext encryption key, which allows local...
CVE-2016-1319
CVE-2016-1319 concerns Cisco Unified Communications Manager and related products (CUCM, IM&P, UCCX, Unity Connection) that store a cleartext encryption key, enabling local users to obtain sensitive information via unspecified vectors. Root cause is improper key management allowing plaintext key e...
CVE-2015-6414
Cisco TelePresence Video Communication Server (VCS) X8.6 uses a single encryption key shared across different customer installations, enabling a local attacker who knows a key from another installation to bypass cryptographic protections and potentially read sensitive data. This vulnerability ste...
Use Padding Oracle attacks to obtain the encrypted key-vulnerability warning-the black bar safety net
0×0 0 Preface In this article I want to share some of the use of the padding oracle vulnerability practical tips, this type of vulnerability allows an attacker to decrypt the ciphertext and the encrypted plaintext. About the padding oracle attack concept and the working principle of the more...
Fewer IPsec VPN Connections at Risk to Weak Diffie-Hellman
A challenge has been made against one of the conclusions in a potentially blockbuster academic paper on cryptographic weaknesses that may be the open door through which intelligence agencies are breaking encrypted connections. The paper, “Imperfect Forward Secrecy: How Diffie-Hellman Fails in...
Magento E-Commerce Platform Magmi Plugin Information Disclosure
An information disclosure vulnerability has been discovered in Magento e-commerce platform Magmi Plugin. Successful exploitation results in access to Magento site credentials and database encryption key...