325 matches found
98% of SSL enabled websites still using SHA-1 based weak Digital Certificates
The National Institute of Standards and Technology (NIST) published a document in January 2011 stating that the SHA-1 algorithm would be risky and should be disallowed after 2013, but Netcraft experts recently noticed that the NIST.gov website itself was using a 2014-dated SSL certificate with SHA...
Rovnix hash collision vulnerability
Exploitation of a weakness in the hash function of the Rovnix malicious software. The default password on the Rovnix panel is 'admin' (admin = fbff791ef0770855e599ea6f87d41653), but you can log in with '21173'. This exploit will defeat the weak hash function of Rovnix to get a password from a hash. '; echo'Value: '...
Amazon Linux AMI : python26 (ALAS-2012-98)
A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array...
Forthcoming SHA-3 Hash Function May Be Unnecessary
For the last five years, NIST, the government body charged with developing new standards for computer security, among other things, has been searching for a new hash function to replace the aging SHA-2 function. Five years is a long time, but this is the federal government and things move at the...
Hotmail Limits Passwords to 16 Characters
Passwords, unfortunately, still are the main authentication mechanism on most Web sites, including all of the popular webmail services, such as Hotmail, Gmail and Yahoo Mail. Many sites encourage users to pick complex and long passwords, so it’s surprising to see that Microsoft now has limited...
Important: Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.3.0 update
JBoss Enterprise SOA Platform 5.3.0, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS)...
CentOS Update for expat CESA-2012:0731 centos6
Check for the Version of expat OpenVAS Vulnerability Test CentOS Update for expat CESA-2012:0731 centos6 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
CentOS Update for irb CESA-2012:0070 centos4
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS Update for python CESA-2012:0744 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS Update for python CESA-2012:0744 centos6
Check for the Version of python OpenVAS Vulnerability Test CentOS Update for python CESA-2012:0744 centos6 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
JRuby: Denial of service
Background: JRuby is a Java-based Ruby interpreter implementation. Description: JRuby does not properly randomize hash functions to protect against hash collision attacks. Impact: A remote attacker could send a specially crafted input, possibly resulting in a Denial of Service condition. Workaround...
RedHat Update for ruby RHSA-2012:0069-01
Check for the Version of ruby OpenVAS Vulnerability Test RedHat Update for ruby RHSA-2012:0069-01 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
Low: python26
Issue Overview: A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting da...
Mandriva Update for python MDVSA-2012:097 (python)
Check for the Version of python OpenVAS Vulnerability Test Mandriva Update for python MDVSA-2012:097 (python) Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
RedHat Update for python RHSA-2012:0744-01
Check for the Version of python OpenVAS Vulnerability Test RedHat Update for python RHSA-2012:0744-01 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
python, tkinter security update
CentOS Errata and Security Advisory CESA-2012:0745 Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base...
expat security update
CentOS Errata and Security Advisory CESA-2012:0731 Updated expat packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base...
Anatomy of a LulzSec Attack 'Singles Out' Web 2.0 Weakness
A new report analyzing a recent attack on a military dating site underscores the need for stronger safeguards on social networks. As part of its Hacker Intelligence Initiative, database and application security provider Imperva deconstructed a March attack by the hacker collective LulzSec on...
Fedora 15 : expat-2.1.0-1.fc15 (2012-6996)
This update includes expat 2.1.0, which includes a fix for a security issue. A specially crafted set of keys could trigger hash function collisions, which degrade dictionary performance by changing hash table operations complexity from an expected/average O(1) to the worst case O(n). Reporters...
Fedora 16 : expat-2.1.0-1.fc16 (2012-5058)
This update includes expat 2.1.0, which includes a fix for a security issue. A specially crafted set of keys could trigger hash function collisions, which degrade dictionary performance by changing hash table operations complexity from an expected/average O(1) to the worst case O(n). Reporters...