364 matches found
DEBIAN-CVE-2015-0293
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service s2lib.c assertion failure and daemon exit via a crafted CLIENT-MASTER-KEY message...
USN-2537-1: OpenSSL vulnerabilities
It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. CVE-2015-0209 Stephen Henson discovered that OpenSSL incorrectly handled...
UBUNTU-CVE-2015-0293
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service s2lib.c assertion failure and daemon exit via a crafted CLIENT-MASTER-KEY message...
Restoring Encrypted Databases with Veeam Explorer for Microsoft SQL Server
Challenge Restoring an encrypted database with Veeam Explorer for Microsoft SQL Server fails with one of the following errors: Cannot find server certificate with thumbprint '' Transparent Data Encryption is not available in the edition of this SQL Server instance. You are unable to check "Perfor...
[CVE-2 0 1 4-3 1 0 0]Android KeyStore stack overflow vulnerability analysis-vulnerability warning-the black bar safety net
CVE-2 0 1 4-3 1 0 0 is Android platform KeyStore to a stack overflow vulnerability. This vulnerability is the last 9 month by IBM of the two engineers found and reported to Google, in year 6, on 2 3, is disclosed. After the public, Google also released a vulnerability test code. So what is a...
ssl-ccs-injection NSE Script
Detects whether a server is vulnerable to the SSL/TLS "CCS Injection" vulnerability CVE-2014-0224, first discovered by Masashi Kikuchi. The script is based on the ccsinjection.c code authored by Ramon de C Valle In order to exploit the vulnerablity, a MITM attacker would effectively do the...
CVE-2014-0224
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessio...
Design/Logic Flaw
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessio...
Volafox - Mac OS X & BSD Memory Analysis Toolkit
Volafox is an open source toolkit that you can use for Mac OS X and BSD forensics. The tool is a python based and allows investigating security incidents and finding information for malwares and any malicious program on the system. Security analyst can have the following information using this...
Hackers can remotely control your phone – Android 4.4 break vulnerability with EXP-a vulnerability warning-the black bar safety net
Security expert Jay Freeman discovered Android 4.4 in addition a Master Key vulnerability that allows an attacker to bypass signature verification and malicious code detection, in the legal application to inject malicious code. ! “Android Master Key vulnerability”of the earliest in the last 7...
Another Master Key vulnerability discovered in Android 4.3
Earlier this year, in the month of July it was first discovered that 99% of Android devices are vulnerable to a flaw called "Android Master Key vulnerability" that allow hackers to modify any legitimate and digitally signed application in order to transform it into a Trojan program that can be us...
Another Master Key vulnerability discovered in Android 4.3
None...
Android Master Key Vulnerability Responsible Disclosure
The researcher behind the now well known Android Master Key vulnerability shared more details about the disclosure process, during which attackers somehow managed to reverse engineer a patch for the bug, and write and distribute malware days before Google released the patch to the public. Jeff...
Chinese Hackers discovered second Android master key vulnerability
Android Security Squad, the China-based group that uncovered a second Android master key vulnerability that might be abused to modify smartphone apps without breaking their digital signatures. The whole point of digitally signing a document or file is to prove the file hasn't been modified. The...
New App ReKey Fixes Android Master Key Vulnerability
The Android master key vulnerability disclosed a couple of weeks ago puts nearly all Android phones at risk of attacks that can modify legitimate apps with malicious code that would give the attacker full control of the device. Google has released a patch, but Android users are dependent upon the...
Chinese Hackers discovered second Android master key vulnerability
Android Security Squad, the China-based group that uncovered a second Android master key vulnerability that might be abused to modify smartphone apps without breaking their digital signatures. The whole point of digitally signing a document or file is to prove the file hasn't been modified. The...
Another Android Master Key Attack Published
A second Android Master Key attack has been reported that takes advantage of the vulnerability in the way Android reads APK files, enabling hackers to modify signed legitimate apps with malware. The vulnerability occurs in the way Android conducts integrity checks on APK files. An attacker could...
CVE-2013-4787
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file APK that is modified in a way that does not violate the cryptographic signature, probably involving multiple...
CVE-2013-4787
Android 1.6–4.2 (Donut to Jelly Bean) contains a flaw in verifying APK cryptographic signatures: an APK.modified file with duplicate Zip entries may be installed despite one entry being validated, enabling arbitrary code execution via the Master Key vulnerability. The issue arises from inconsiste...
CVE-2013-4787
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file APK that is modified in a way that does not violate the cryptographic signature, probably involving multiple...