Session Key Disclosure

Moodle is vulnerable to session key disclosure.If anonymous front-page forum is enabled, remote attackers can obtain session keys for their own sessions by visiting the front page...

Belden GarrettCom 6K/10K Switches Multiple Vulnerabilities

Belden GarrettCom 6K and 10KT Magnum series network switches are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVE-2016-3037

IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613...

CVE-2016-3037

IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613...

Design/Logic Flaw

IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613...

CVE-2016-3037

IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613...

MGASA-2017-0030 Updated mbedtls packages fix security vulnerability

The mbedtls package has been updated to version 1.3.18, which removes a non-default configuration option that could lead to session key recovery in very long TLS sessions and fixes a potential stack corruption that cannot be triggered remotely. It also fixes several bugs. See the upstream release...

DROWN Attack

OpenSSL is vulnerable to the DROWN attack. The DROWN attack is also known as a Bleichenbacher RSA padding oracle. This vulnerability allows a malicious user to recover a session key from SSL2.0 connections, allowing them to decrypt such connections...

SUSE SLES11 Security Update : samba (SUSE-SU-2016:3298-1)

This update for samba provides the following fixes: Security issues fixed : - CVE-2016-2125: Don't send delegated credentials to all servers. bsc1014441 - CVE-2016-2126: Prevent denial of service due to a client triggered crash in the winbindd parent process. bsc1014442 Non security issues fixed ...

SUSE-SU-2016:3300-1 Security update for samba

This update for samba provides the following fixes: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. bsc1014441 - CVE-2016-2126: Prevent denial of service due to a client triggered crash in the winbindd parent process. bsc1014442 Non security issues fixed: ...

SUSE-SU-2016:3298-1 Security update for samba

This update for samba provides the following fixes: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. bsc1014441 - CVE-2016-2126: Prevent denial of service due to a client triggered crash in the winbindd parent process. bsc1014442 Non security issues fixed: ...

SA135 : OpenSSL Vulnerabilities 10-Nov-2016

SUMMARY Blue Coat products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to cause denial of service and obtain SSL/TLS session key information. AFFECTED PRODUCTS The following products are vulnerable: Director -...

openssl: Divide-and-conquer session key recovery in SSLv2

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle...

Scuolabook purchased e-books on .pdf format Download Exploit

This script allows you to download 'scuolabook.it' purchased ebooks via-webapp and save them on .pdf format and read/edit with every pdf-editor Usage Info 1 Login to your account on scuolabook.it; 2 Copy 'turnersession' session key; 3 Run exploit python exploit.py; 4 Follow the on-screen...

Offline WPS Bruteforce Utility: PixieWPS

Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs pixie dust attack Additional Video: http://video.adm.ntnu.no/pres/549931214e18d Pixiewps requires libssl. To install it: sudo apt-get install libssl-dev Installation:...

Flawed TLS Implementations Leak RSA Keys

A number of TLS software implementations contain vulnerabilities that allow hackers with minimal computational expense to learn RSA keys. Florian Weimer, a researcher with Red Hat, last week published a paper called “Factoring RSA Keys With TLS Perfect Forward Secrecy” that demonstrated...

Cross site request forgery vulnerability in Linksys WAG120N

Hello all, i want to share a problem that i found with Linksys router WAG120N. It could be possible to modify router's configuration when a user visit a webpage with an specific form it is a similar problem that i sent some days ago with Comtrend routers:...

AIX 5.3 TL 12 : sendmail (IV75967) (Logjam)

The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful...

AIX 6.1 TL 8 : sendmail (IV75644) (Logjam)

The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful...

AIX 7.1 TL 2 : sendmail (IV75645) (Logjam)

The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful...