Lucene search
+L

250 matches found

NVD
NVD
added 2013/10/03 11:4 a.m.17 views

CVE-2013-3625

An unspecified DLL file in Baramundi Management Suite 7.5 through 8.9 uses a hardcoded encryption key, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere...

7.8CVSS6.5AI score0.00772EPSS
Exploits0References1
Prion
Prion
added 2013/10/03 11:4 a.m.20 views

Hardcoded credentials

An unspecified DLL file in Baramundi Management Suite 7.5 through 8.9 uses a hardcoded encryption key, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere...

7.8CVSS7AI score0.00772EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/10/03 10:0 a.m.50 views

CVE-2013-3625

CVE-2013-3625 affects Baramundi Management Suite versions 7.5–8.9. The vulnerability arises from a hard-coded encryption key stored in a DLL, enabling attackers who obtain the key from a product installation elsewhere to defeat cryptographic protections. Connected sources confirm the issue within...

7.8CVSS6.7AI score0.00772EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2013/09/30 10:0 a.m.34 views

CVE-2013-5679

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protectio...

9.2AI score0.02426EPSS
Exploits1References4
CVE
CVE
added 2013/08/28 1:0 a.m.53 views

CVE-2013-2782

CVE-2013-2782 affects Schneider Electric Trio J-Series License Free Ethernet Radio firmware 3.6.0–3.6.3, where the AES encryption key is reused across different customer installations due to improper key generation. This weakens cryptographic protection and could allow remote attackers to access ...

9.3CVSS6.9AI score0.01347EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2013/07/18 12:48 p.m.19 views

Hardcoded credentials

Cisco Unified Communications Manager CUCM 7.1x through 9.12 and the IM & Presence Service in Cisco Unified Presence Server through 9.12 use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat...

7AI score0.00623EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2013/07/10 10:0 a.m.67 views

CVE-2013-2872

CVE-2013-2872 affects Google Chrome on Mac OS X prior to 28.0.1500.71. The issue is that the entropy source for renderer processes may be insufficient, potentially allowing remote attackers to bypass cryptographic protections in third‑party components via unspecified vectors. Impacts are describe...

5CVSS6.3AI score0.0093EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2012/11/14 11:0 a.m.21 views

CVE-2012-5860

Unspecified vulnerability on Oberthur ID-One COSMO 5.2, 5.2a, and 64 smart cards makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the generation of non-compliant public keys...

6.5AI score0.00277EPSS
Exploits0References2
CVE
CVE
added 2012/09/25 8:0 p.m.43 views

CVE-2012-2187

CVE-2012-2187 affects IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 (versions 1.13 and earlier). The root cause is weak RSA key generation in the firmware, which may allow an attacker to remotely compromise the corresponding private key when using secure proto...

5CVSS6.7AI score0.01134EPSS
Exploits0References3Affected Software1
Gentoo Linux
Gentoo Linux
added 2012/09/24 12:0 a.m.55 views

PHP: Multiple vulnerabilities

Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

10CVSS10.4AI score0.99998EPSS
Exploits71
Tenable Nessus
Tenable Nessus
added 2012/09/24 12:0 a.m.42 views

GLSA-201209-03 : PHP: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201209-03 PHP: Multiple vulnerabilities Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code with the...

10CVSS9.1AI score0.99998EPSS
Exploits71References21
NVD
NVD
added 2012/08/06 4:55 p.m.18 views

CVE-2012-4144

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting XSS protection mechanisms via a crafted HTML document...

4.3CVSS5.4AI score0.01198EPSS
Exploits0References5
Cvelist
Cvelist
added 2012/07/17 10:0 a.m.27 views

CVE-2012-0794

The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's...

6.6AI score0.014EPSS
Exploits0References4
CVE
CVE
added 2012/04/04 10:0 p.m.71 views

CVE-2008-7311

CVE-2008-7311 concerns the Spree 0.2.0 session cookie store, which uses a hardcoded config.action_controller_session hash (secret key). This weak key material can allow remote attackers to bypass cryptographic protections by exploiting an application that contains this value in config/environment...

5CVSS6.8AI score0.01244EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2012/01/14 9:55 p.m.27 views

Hardcoded credentials

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...

4.3CVSS6.7AI score0.0854EPSS
Exploits0References22Affected Software1
Prion
Prion
added 2011/02/08 10:0 p.m.24 views

Design/Logic Flaw

Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism...

5CVSS7.2AI score0.00949EPSS
Exploits0References1Affected Software1
ThreatPost
ThreatPost
added 2010/12/29 3:47 p.m.6 views

Exploit Kits Employing Obfuscation to Prevent Analysis

The creators of the Phoenix exploit kit have begun using obfuscation and other techniques to prevent security researchers and others from reverse-engineering the installation process for the kit, adopting a tactic that has become increasingly popular among attackers recently. The Phoenix exploit...

0.3AI score
Exploits0References1
OSV
OSV
added 2010/11/01 12:0 a.m.51 views

DSA-2123-1 nss - cryptographic weaknesses

Bulletin has no description...

7.5CVSS8.8AI score0.03036EPSS
Exploits0
OpenVAS
OpenVAS
added 2010/10/28 12:0 a.m.31 views

Mozilla Products Multiple Vulnerabilities October-10 (Windows)

The host is installed with Mozilla Firefox/Seamonkey/Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtsmultvulnwinoct10.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products Multiple Vulnerabilities october-10 Windows Authors: Madhuri D Copyrigh...

9.3CVSS0.6AI score0.10118EPSS
Exploits2References4
CVE
CVE
added 2010/10/12 9:0 p.m.64 views

CVE-2010-3192

CVE-2010-3192 affects the GNU C Library (glibc) and concerns runtime memory protection that prints argv[0] and backtrace data, potentially allowing a context-dependent attacker to read sensitive process memory. The description references a setuid program with a stack-based overflow (fortify_fail/...

5CVSS6.8AI score0.01606EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder