Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

73 matches found

CVE
CVEadded 2019/05/09 12:0 a.m.402 views

CVE-2019-11840

CVE-2019-11840 affects golang.org/x/crypto (amd64 salsa20 and salsa20/salsa). If keystream surpasses 256 GiB or the counter grows beyond 32 bits, output becomes incorrect and then repeats earlier keystream, causing potential confidentiality loss in encryption/CSPRNG. The connected Debian advisory...

5.9CVSS5.6AI score0.02143EPSS
Exploits0References11Affected Software1
Cvelist
Cvelistadded 2019/05/09 12:0 a.m.25 views

CVE-2019-11840

An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream i...

5.8AI score0.02143EPSS
Exploits0References11
Debian CVE
Debian CVEadded 2019/05/09 12:0 a.m.33 views

CVE-2019-11840

An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream i...

5.9CVSS6AI score0.02143EPSS
Exploits0
Packet Storm
Packet Stormadded 2016/06/22 12:0 a.m.28 views

DarkComet Server 3.2 Remote File Download

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'DarkComet Server Remote File Download Exploit', 'Description' = %q This module exploits an arbitrary file download vulnerabilit...

0.1AI score
Exploits0
exploitpack
exploitpackadded 2016/06/21 12:0 a.m.14 views

DarkComet Server - Arbitrary File Download (Metasploit)

DarkComet Server - Arbitrary File Download Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'DarkComet Server Remote File Download Exploit', 'Description' = %q This...

7.4AI score
Exploits0
0day.today
0day.todayadded 2016/06/10 12:0 a.m.42 views

Poison Ivy 2.1.x - C2 Buffer Overflow (Metasploit)

Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Poison Ivy 2.1.x C2 Buffer Overflow', 'Description' = %q This module...

7.1AI score
Exploits0
Metasploit
Metasploitadded 2016/06/03 5:24 p.m.41 views

DarkComet Server Remote File Download Exploit

This module exploits an arbitrary file download vulnerability in the DarkComet C server versions 3.2 and up. The exploit does not need to know the password chosen for the bot/server communication. This module requires Metasploit: https://metasploit.com/download Current source:...

7.5AI score
Exploits0
securityvulns
securityvulnsadded 2015/08/24 12:0 a.m.34 views

[Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2015-010: SAP Mobile Platform DataVault Keystream Recovery 1. Impact on Business - --------------------- By exploiting this vulnerability an attacker with access to a vulnerable mobile device would be able to decrypt...

0.3AI score
Exploits0
ThreatPost
ThreatPostadded 2014/09/11 11:3 a.m.12 views

Key Flaw Enables Recovery of Files Encrypted by TorrentLocker

Crypto ransomware, a relatively unknown phenomenon a couple of years ago, has exploded into one of the nastier malware problems for Internet users. Variants such as CryptoLocker and CryptoWall have been siphoning money from victims for some time, and now researchers have dissected a newer variant...

0.4AI score
Exploits0References2
ThreatPost
ThreatPostadded 2013/03/14 7:37 p.m.12 views

Attack Exploits Weakness in RC4 Cipher to Decrypt User Sessions

It’s been more than 25 years since Ron Rivest invented his RC4 stream cipher, and after all that time it’s still being used widely, which is something of an achievement in the crypto world. However, for more than 15 years researchers have known about a weakness in RC4 that could enable an attacke...

0.2AI score
Exploits0References3
CERT
CERTadded 2001/11/15 12:0 a.m.29 views

Syskey reuses keystream

Overview Versions of SYSKEY in use prior to December, 1999 leave the SAM database vulnerable to cryptanalytic attacks. Description SYSKEY is a utility introduced in Microsoft Windows NT 4.0 service pack 3 to provide strong cryptographic protection to the SAM password database. The protection SYSK...

5CVSS6AI score0.1939EPSS
Exploits0References6
CVE
CVEadded 2000/01/18 5:0 a.m.54 views

CVE-1999-0994

SYSKEY in Windows NT pre-December 1999 had a flaw that reuses part of an RC4 keystream to encrypt the SAM database. This enables dictionary attacks against SAM passwords if an attacker obtains a copy of the SAM database. Microsoft addressed this in December 1999 (MS99-056). The CERT advisory reit...

5CVSS6.7AI score0.1939EPSS
Exploits0References3Affected Software1
NVD
NVDadded 1999/12/16 5:0 a.m.16 views

CVE-1999-0994

Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords...

5CVSS6.7AI score0.1939EPSS
Exploits0References3
Rows per page
Query Builder