1413 matches found
CVE-2014-4818
dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via unspecified vectors...
CVE-2015-1453
The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences...
CVE-2015-1453
CVE-2015-1453 affects Fortinet FortiClient for Android 5.2.3.091, where the qm class uses a hardcoded encryption key (FoRtInEt!AnDrOiD). This enables an attacker to decrypt data stored in Shared Preferences and potentially obtain passwords or other sensitive data. The available sources describe t...
Hang Seng JRES platform registration vulnerability: you can hack the registry - vulnerability warning - the black bar safety net
Decompile eclipse-jres\plugins\com.hundsun.ares.studio.jres.register1.1.0.201208291408.jar; from com\hundsun\ares\studio\jres\register\RegisterUtil.java you can get the encryption method and key of the registration file. The eclipse-jres\keys...
Major Mac EFI security vulnerability exposed: Thunderbolt devices can spread malicious programs - vulnerability warning - the black bar safety net
Next week, at the Chaos Communication Congress security conference in Germany, researcher Trammell Hudson will present a new method that uses specially made Thunderbolt devices to inject a bootkit that is almost impossible to remove into the Mac EFI boot firmware. The exploits of...
NSA-Approved Samsung Knox Stores PIN in Cleartext
A security researcher has tossed a giant bucket of ice water on Samsung’s thumbs up from the NSA approving use of certain Galaxy devices within the agency. The NSA’s blessing, given under the agency’s Commercial Solutions for Classified Program, meant that the Samsung Galaxy 4, 5 and Galaxy No...
CVE-2014-6283
SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD5.4, and 15.0.3 before ESD4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a crafted RPC message to the...
Buffer overflow
SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD5.4, and 15.0.3 before ESD4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a crafted RPC message to the...
SEC Consult SA-20140710-1 :: Multiple high risk vulnerabilities in Shopizer webshop
SEC Consult Vulnerability Lab Security Advisory 20140710-1. title: Multiple high risk vulnerabilities in Shopizer webshop; product: Shopizer; vulnerable version: 1.1.5 and below; fixed version: v2 new codebase; impact: high...
Siemens Patches Five Vulnerabilities in SIMATIC WinCC for PCS 7
Siemens has patched five vulnerabilities in its SIMATIC PCS 7 system that could result in privilege escalation and give an attacker unauthenticated access to sensitive data. The flaws technically exist in WinCC, a SCADA (supervisory control and data acquisition) and HMI (human-machine interface) syst...
CVE-2014-4686
The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during...
Shopizer 1.1.5 Authorization Bypass / Hardcoded Key
SEC Consult Vulnerability Lab Security Advisory. title: Multiple high risk vulnerabilities in Shopizer webshop; product: Shopizer; vulnerable version: 1.1.5 and below; fixed version: v2 new codebase; impact: high; homepage:...
Digipass Go3 Insecure Encryption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/21040/info Digipass Go3 is prone to an insecure-encryption vulnerability because the device uses an insecure encryption algorithm to encrypt sensitive data. An attacker can exploit this issue to brute-force the encryption...
No-CMS 0.6.6 rev 1 - Admin Account Hijacking / RCE Exploit via Static Encryption Key
No description provided by source. ?php / Static encryptionkey of No-CMS lead to Session Array Injection in order to hijack administrator account then you will be able for upload php files to server via theme/module upload. This exploit generates cookie for administrator access from non-privilege...
Mythic Entertainment Dark Age of Camelot 1.6x Encryption Key Signing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9960/info An encryption key signing vulnerability has been reported to exist in Dark Age of Camelot. This issue is due to a design error in the application that carries out encryption without having the encryption key...
CodeIgniter / Kohana PHP Object Injection / Timing Attack
CodeIgniter versions 2.1.4 and below and Kohana versions 3.2.3 and below and 3.3.2 and below suffer from PHP object injection, a timing attack, and a remote code execution vulnerability. Background info and boring history shit:...
AVG Remote Administration multiple security vulnerabilities
Authentication bypass, code execution, static encryption key...
No-CMS 0.6.6 rev 1 - Admin Account Hijacking / RCE Exploit via Static Encryption Key
Exploit for php platform in category web applications ?php / Static encryptionkey of No-CMS lead to Session Array Injection in order to hijack administrator account then you will be able for upload php files to server via theme/module upload. This exploit generates cookie for administrator access...