250 matches found
CVE-2013-3625
An unspecified DLL file in Baramundi Management Suite 7.5 through 8.9 uses a hardcoded encryption key, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere...
Hardcoded credentials
An unspecified DLL file in Baramundi Management Suite 7.5 through 8.9 uses a hardcoded encryption key, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere...
CVE-2013-3625
CVE-2013-3625 affects Baramundi Management Suite versions 7.5–8.9. The vulnerability arises from a hard-coded encryption key stored in a DLL, enabling attackers who obtain the key from a product installation elsewhere to defeat cryptographic protections. Connected sources confirm the issue within...
CVE-2013-5679
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protectio...
CVE-2013-2782
CVE-2013-2782 affects Schneider Electric Trio J-Series License Free Ethernet Radio firmware 3.6.0–3.6.3, where the AES encryption key is reused across different customer installations due to improper key generation. This weakens cryptographic protection and could allow remote attackers to access ...
Hardcoded credentials
Cisco Unified Communications Manager CUCM 7.1x through 9.12 and the IM & Presence Service in Cisco Unified Presence Server through 9.12 use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat...
CVE-2013-2872
CVE-2013-2872 affects Google Chrome on Mac OS X prior to 28.0.1500.71. The issue is that the entropy source for renderer processes may be insufficient, potentially allowing remote attackers to bypass cryptographic protections in third‑party components via unspecified vectors. Impacts are describe...
CVE-2012-5860
Unspecified vulnerability on Oberthur ID-One COSMO 5.2, 5.2a, and 64 smart cards makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the generation of non-compliant public keys...
CVE-2012-2187
CVE-2012-2187 affects IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 (versions 1.13 and earlier). The root cause is weak RSA key generation in the firmware, which may allow an attacker to remotely compromise the corresponding private key when using secure proto...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
GLSA-201209-03 : PHP: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201209-03 PHP: Multiple vulnerabilities Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code with the...
CVE-2012-4144
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting XSS protection mechanisms via a crafted HTML document...
CVE-2012-0794
The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's...
CVE-2008-7311
CVE-2008-7311 concerns the Spree 0.2.0 session cookie store, which uses a hardcoded config.action_controller_session hash (secret key). This weak key material can allow remote attackers to bypass cryptographic protections by exploiting an application that contains this value in config/environment...
Hardcoded credentials
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...
Design/Logic Flaw
Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism...
Exploit Kits Employing Obfuscation to Prevent Analysis
The creators of the Phoenix exploit kit have begun using obfuscation and other techniques to prevent security researchers and others from reverse-engineering the installation process for the kit, adopting a tactic that has become increasingly popular among attackers recently. The Phoenix exploit...
DSA-2123-1 nss - cryptographic weaknesses
Bulletin has no description...
Mozilla Products Multiple Vulnerabilities October-10 (Windows)
The host is installed with Mozilla Firefox/Seamonkey/Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtsmultvulnwinoct10.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products Multiple Vulnerabilities october-10 Windows Authors: Madhuri D Copyrigh...
CVE-2010-3192
CVE-2010-3192 affects the GNU C Library (glibc) and concerns runtime memory protection that prints argv[0] and backtrace data, potentially allowing a context-dependent attacker to read sensitive process memory. The description references a setuid program with a stack-based overflow (fortify_fail/...