975 matches found

Oracle linux
added 2016/05/12 12:0 a.m. | 59 views

openssl security update

1.0.1e-48.1 - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when readi...

CVSS 10 | AI score 1.8 | EPSS 0.79963
Exploits 8

Tenable Nessus
added 2016/05/12 12:0 a.m. | 43 views

openSUSE Security Update : compat-openssl098 (openSUSE-2016-575)

This update for compat-openssl098 fixes the following issues : - CVE-2016-2108: Memory corruption in the ASN.1 encoder bsc977617 - CVE-2016-2105: EVP_EncodeUpdate overflow bsc977614 - CVE-2016-2106: EVP_EncryptUpdate overflow bsc977615 - CVE-2016-2109: ASN.1 BIO excessive memory allocation bsc97694...

CVSS 10 | AI score 7.6 | EPSS 0.67349
Exploits 2 | References 12

n0where
added 2016/05/10 11:59 p.m. | 10 views

Modular File Scanning Analysis Framework: MultiScanner

MultiScanner is a file analysis framework that allows the user to evaluate a set of files with a set of tools. Tools can be custom built python scripts, web APIs, software running on another machine, etc. Tools are incorporated by creating modules that run in the MultiScanner framework. Modules a...

Exploits 0 | References 2

CNVD
added 2016/05/06 12:0 a.m. | 1 views

Botan Denial of Service Vulnerability

Botan is a C++ library of cryptographic algorithms that supports AES, DES, SHA-1, RSA, DSA and Diffie-Hellman. The Botan modular square root algorithm fails to perform a proper condition check, allowing remote attackers to exploit this vulnerability for denial of service attacks...

CVSS 7.5 | AI score 9.2 | EPSS 0.0169
Exploits 0 | References 1

Tenable Nessus
added 2016/05/03 12:0 a.m. | 29 views

Debian DSA-3565-1 : botan1.10 - security update

Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, including encryption, authentication, X.509v3 certificates and CRLs. - CVE-2015-5726 The BER decoder would crash due to reading from offset 0 of an empty vector...

CVSS 10 | AI score 7.8 | EPSS 0.10565
Exploits 0 | References 16

Debian
added 2016/05/02 1:2 p.m. | 28 views

[SECURITY] [DSA 3565-1] botan1.10 security update

Debian Security Advisory DSA-3565-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 02, 2016 https://www.debian.org/security/faq -...

CVSS 10 | AI score 0.5 | EPSS 0.10565
Exploits 0

OSV
added 2016/05/02 12:0 a.m. | 20 views

DSA-3565-1 botan1.10 - security update

Bulletin has no description...

CVSS 10 | AI score 7.6 | EPSS 0.10565
Exploits 0

OpenVAS
added 2016/05/02 12:0 a.m. | 24 views

Debian Security Advisory DSA 3565-1 (botan1.10 - security update)

Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, including encryption, authentication, X.509v3 certificates and CRLs. CVE-2015-5726 The BER decoder would crash due to reading from offset 0 of an empty vector i...

CVSS 10 | AI score 8.2 | EPSS 0.10565
Exploits 0 | References 1

Debian
added 2016/04/30 11:48 a.m. | 26 views

[SECURITY] [DLA 449-1] botan1.10 security update

Package : botan1.10 Version : 1.10.5-1+deb7u1 CVE ID : CVE-2014-9742 CVE-2015-5726 CVE-2015-5727 CVE-2015-7827 CVE-2016-2194 CVE-2016-2195 CVE-2016-2849 Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, includi...

CVSS 10 | AI score 8.8 | EPSS 0.10565
Exploits 0

Prion
added 2016/04/25 6:59 p.m. | 17 views

Hardcoded credentials

SysLINK SL-1000 Machine-to-Machine M2M Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another...

CVSS 5 | AI score 7.2 | EPSS 0.00097
Exploits 0 | References 1

CVE
added 2016/04/25 6:0 p.m. | 47 views

CVE-2016-2331

The CVE-2016-2331 issue affects Systech SysLINK SL-1000 M2M Modular Gateway devices with firmware prior to 01A.8. Multiple sources describe a privilege-acquisition vulnerability in the web interface due to a hard-coded/default password, enabling a remote attacker to obtain root access. CERT/CC no...

CVSS 10 | AI score 9.2 | EPSS 0.00295
Exploits 0 | References 1 | Affected Software 1

CVE
added 2016/04/25 6:0 p.m. | 34 views

CVE-2016-2333

The CVE-2016-2333 issue affects the SysLINK SL-1000 M2M Modular Gateway family, with firmware prior to 01A.8, where a single hard-coded cryptographic key is reused across different installations. This flaw can allow an attacker with knowledge of the key to defeat cryptographic protections, potent...

CVSS 7.5 | AI score 8 | EPSS 0.00097
Exploits 0 | References 1 | Affected Software 1

Kitploit
added 2016/04/22 9:1 p.m. | 237 views

Htcap - web application scanner able to crawl single page application (SPA) in a recursive manner by intercepting ajax calls and DOM changes

htcap is a web application scanner able to crawl single page applications (SPA) in a recursive manner by intercepting ajax calls and DOM changes. Htcap is not just another vulnerability scanner since it's focused mainly on the crawling process and uses external tools to discover vulnerabilities. It'...

AI score 7.9
Exploits 0 | References 2

n0where
added 2016/04/14 8:56 p.m. | 21 views

High Speed Network Authentication Cracking: Ncrack

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a...

AI score 0.3
Exploits 0 | References 1

Fedora
added 2016/04/13 7:29 a.m. | 24 views

[SECURITY] Fedora 23 Update: imlib2-1.4.8-1.fc23

Imlib 2 is a library that does image file loading and saving as well as rendering, manipulation, arbitrary polygon support, etc. It does ALL of these operations FAST. Imlib2 also tries to be highly intelligent about doing them, so writing naive programs can be done easily, without sacrificing...

CVSS 8.2 | AI score 1.4 | EPSS 0.01098
Exploits 0

n0where
added 2016/04/12 12:31 a.m. | 28 views

Reverse Shell Post Exploitation Tool: RSPET

RSPET (Reverse Shell Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario. Features: Remote Command Execution; Traffic masking (XORed instead of cleartext; for better results use port 443); Built-in File/Binary transfer both ways...

AI score 1.3
Exploits 0 | References 1

Cloud Foundry
added 2016/03/24 12:0 a.m. | 69 views

USN-2914-1 OpenSSL vulnerabilities | Cloud Foundry

USN-2914-1 OpenSSL vulnerabilities Low Vendor Ubuntu, OpenSSL Versions Affected Ubuntu 14.04 LTS SSLv1 Description Several security issues were fixed in OpenSSL. Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiatio...

CVSS 10 | AI score 8.9 | EPSS 0.43537
Exploits 1

OSV
added 2016/03/03 8:59 p.m. | 9 views

CVE-2016-0702

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the...

CVSS 5.1 | AI score 6.8
Exploits 0 | References 44

OSV
added 2016/03/03 8:59 p.m. | 1 views

DEBIAN-CVE-2016-0702

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the...

CVSS 5.1 | AI score 8.8 | EPSS 0.00545
Exploits 1 | References 1

Cvelist
added 2016/03/03 12:0 a.m. | 32 views

CVE-2016-0702

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the...

AI score 6.3 | EPSS 0.00545
Exploits 1 | References 44