CVE-2012-4930
The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing...
CVE-2011-4447
The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and...
CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
The remote host is missing an update for the...
Code injection
Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113...
CVE-2011-3685
Tembria Server Monitor (before 6.0.5 Build 2252) is vulnerable due to a substitution cipher used to encrypt application credentials, enabling local users with read access to authentication.dat or exports XML files to obtain sensitive information. This CVE (CVE-2011-3685) affects the confidentiali...
NSHC Papyrus 2.0 - Heap Overflow
NSHC Papyrus 2.0 - Heap Overflow !/usr/bin/python Title: NSHC Papyrus Heap Overflow Vulnerability Date: 13\08\2011 Author: wh1ant Software Link: http://file.atfile.com/ftp/data/03/PapyrusSetup.exe Version: 2.0 Tested On: windows XP SP3 South Korea / windows XP SP3 English VMware Workstation CVE:...
Virus Buster 2009 key input encryption function vulnerability
Overview Virus Buster 2009 contains a vulnerability within the key input encryption function. The key input encryption function in Virus Buster 2009 contains a vulnerability where a portion of password that is entered in the web browser is not properly encrypted. Nobuhiro Tsuji of NTT DATA SECURI...
CVE-2010-2603
RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Mac, uses a weak password to encrypt a database backup file, which makes it easier for local users to decrypt the file via a brute force attack...
CVE-2010-3075
EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the las...
md5 Encryption Decryption PHP Script - index.php Cross-Site Scripting
md5 Encryption Decryption PHP Script - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/40381/info md5 Encryption Decryption PHP Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage...
CVE-2010-2011
Microsoft Dynamics GP uses a substitution cipher to encrypt the system password field and unspecified other fields, which makes it easier for remote authenticated users to obtain sensitive information by decrypting a field's contents...
CVE-2009-1603
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted...
CVE-2008-6073
StorageCrypt 2.0.1 does not properly encrypt disks, which allows local users to obtain sensitive information via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Information disclosure
StorageCrypt 2.0.1 does not properly encrypt disks, which allows local users to obtain sensitive information via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-3671
The CVE-2008-3671 entry concerns Acronis True Image Echo Server 9.x build 8072 running on Linux, where backups sent to an FTP server are not properly encrypted. This leads to potential information disclosure by remote attackers. The vulnerability description notes that the provenance is unknown a...
Local information disclosure in WeFi Client v3.3.3.0
INFO: The wireless client, WeFi v3.3.3.0 is susceptible to a local information disclosure due to irresponsible coding. Earlier versions may also be affected...
GLSA-200705-09 : IPsec-Tools: Denial of Service
The remote host is affected by the vulnerability described in GLSA-200705-09 (IPsec-Tools: Denial of Service). The isakmp_info_recv function in src/racoon/isakmp_inf.c does not always check that DELETE (ISAKMP_NPTYPE_D) and NOTIFY (ISAKMP_NPTYPE_N) packets are encrypted. Impact: A remote attacker could send a...
Default credentials
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the...
MSN Messenger chat history intercepted and the encryption-vulnerability warning-the black bar safety net
MSN Messenger is instant messaging software launched by Microsoft Corp. With its excellent performance and easy operation, MSN Messenger has become one of the world's most widely used IM (instant messaging) programs; it also has many domestic users, and is the only one that can and...
CVE-2006-0363
The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated ...