CVE-2014-3100

Stack-based buffer overflow in the encodekey function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name...

Stack overflow

Stack-based buffer overflow in the encodekey function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name...

CVE-2014-3100

Stack-based buffer overflow in the encodekey function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name...

CVE-2014-3100

The CVE-2014-3100 issue is a stack-based buffer overflow in Android 4.3’s KeyStore service (encode_key in /system/bin/keystore) that allows arbitrary code execution and may leak sensitive key information or bypass cryptographic operation restrictions when handling an overly long key name. The vul...

Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw

A critical code-execution vulnerability almost affecting everyone those are not running the most updated version of Google Android, i.e. Android version 4.4 also known as KitKat. After nine months of vulnerability disclosure to the Android security team, researchers of the Application Security te...

keystore buffer

Stack-based buffer overflow in the encodekey function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name...

[Patator v0.5] Multi-purpose brute-forcer, with a modular design and a flexible usage

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Currently it supports the following modules: ftplogin : Brute-force FTP sshlogin : Brute-force SSH telnetlogin : Brute-force Telnet smtplogin : Brute-force SMTP smtpvrfy : Enumerate valid users using the SMTP VRF...

Oracle Java KeyStore SecurityManager Bypass Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2012-3310

TFIM (IBM Tivoli Federated Identity Manager) is affected in versions 6.1.1.14, 6.2.0.12, and 6.2.1.4 (pre-6.2.2). The vulnerability arises when a logging configuration set to all enables trace logging that exposes sensitive credentials in log files: (1) LDAP bind password, (2) keystore passwords,...

Multiple Check Point Endpoint Security Products - Information Disclosure

source: https://www.securityfocus.com/bid/46224/info Multiple Check Point endpoint security products are prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to harvest sensitive information that may lead to further attacks...

Multiple Check Point Endpoint Security Products - Information Disclosure

Multiple Check Point Endpoint Security Products - Information Disclosure source: https://www.securityfocus.com/bid/46224/info Multiple Check Point endpoint security products are prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to harvest sensitive...

CVE-2009-2406

CVE-2009-2406 refers to a stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c of the Linux kernel before 2.6.30.4. The issue arises from not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size, enabling l...

CVE-2003-1437

BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access...

CVE-2006-5842

The keystore file in Unicore Client before 5.6 build 5, when running on Unix systems, has insecure default permissions, which allows local users to obtain sensitive information...

CVE-2006-5842

The CVE-2006-5842 entry concerns the Unicore Client (pre-5.6 build 5) on Unix systems where the keystore file uses insecure default permissions. This local-access flaw can let non-privileged users obtain sensitive information. The available documents do not specify the exact affected product vers...

CVE-2006-5842

The keystore file in Unicore Client before 5.6 build 5, when running on Unix systems, has insecure default permissions, which allows local users to obtain sensitive information...