
401 matches found

NVD
added 2012/09/21 11:55 p.m., 19 views

CVE-2012-3137

The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force...

CVSS 6.4, AI score 6.4, EPSS 0.44041
Exploits 4, References 8
Prion
added 2012/09/21 11:55 p.m., 14 views

Authentication flaw

The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force...

CVSS 6.4, AI score 6.9, EPSS 0.44041
Exploits 4, References 8, Affected Software 2
Cvelist
added 2012/09/21 11:0 p.m., 28 views

CVE-2012-3137

The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force...

AI score 6.3, EPSS 0.44041
Exploits 4, References 8
The Hacker News
added 2012/09/20 7:58 p.m., 10 views

Oracle Database stealth password cracking vulnerability

Oracle suffered from a serious vulnerability in the authentication protocol used by some Oracle databases. This flaw enables a remote attacker to brute-force a token provided by the server prior to authentication and determine a user's password. A researcher - Esteban Martinez Fayo, a researcher wit...

AI score 7.1
Exploits 0
ThreatPost
added 2012/09/20 1:53 p.m., 5 views

Flaw in Oracle Logon Protocol Leads to Easy Password Cracking

There is a serious vulnerability in the authentication protocol used by some Oracle databases, a flaw that could enable a remote attacker to brute-force a token provided by the server prior to authentication and determine a user’s password. The attacker could then log on as an authenticated user...

AI score 0.8
Exploits 0, References 1
NVD
added 2012/07/17 10:20 a.m., 17 views

CVE-2012-0799

Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page...

CVSS 4.3, AI score 6.5, EPSS 0.00283
Exploits 0, References 3
UbuntuCve
added 2012/07/17 10:20 a.m., 29 views

CVE-2012-0799

Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page...

CVSS 4.3, AI score 5.9, EPSS 0.00283
Exploits 0, References 2
Exploit DB
added 2011/12/15 12:0 a.m., 50 views

Splunk - Remote Command Execution

from sec1httplib.requestbuilder import Requestobj from sec1httplib.threaddispatcher import import threading import re import urlparse import sys import urllib import base64 from optparse import OptionParser import sys """ Source: http://www.sec-1.com/blog/?p=233 Splunk remote root exploit. Author...

AI score 7.4
Exploits 0
PyPA
added 2011/10/19 10:55 a.m., 4 views

PYSEC-2011-1

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...

CVSS 5.8, AI score 6.9, EPSS 0.01195
Exploits 0, References 9, Affected Software 1
seebug.org
added 2011/10/10 12:0 a.m., 17 views

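QQ2011 Session Key Disclosure Vulnerability

Tencent QQ is an instant messaging tool that is very widely used in China. The QQ client on the Windows platform (including versions such as QQ2010/2011) has a security vulnerability in its implementation: it uses an insecure random key generation algorithm when generating the temporary key related to the session key, so an attacker can obtain the session key by monitoring a user's login and can then add, modify, and view all chat records. Tencent QQ 2011 Tencent QQ 2010 Vendor patch: Tencent ------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://im.qq.com/qq/dlqq.shtml...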

AI score 7.1
Exploits 0
securityvulns
added 2011/03/31 12:0 a.m., 143 views

[SECURITY] [DSA 2206-1] New mahara packages fix several vulnerabilities

Debian Security Advisory DSA 2206-1 [email protected] http://www.debian.org/security/ Martin Schulze March 29th, 2011 http://www.debian.org/security/faq -...

CVSS 5.8, AI score 1.4, EPSS 0.00442
Exploits 1
Tenable Nessus
added 2011/03/30 12:0 a.m., 28 views

Debian DSA-2206-1 : mahara - several vulnerabilities

Two security vulnerabilities have been discovered in Mahara, a fully featured electronic portfolio, weblog, resume builder and social networking system : - CVE-2011-0439 A security review commissioned by a Mahara user discovered that Mahara processes unsanitized input which can lead to cross-site...

CVSS 5.8, AI score 5, EPSS 0.00442
Exploits 1, References 4
Debian
added 2011/03/29 10:2 p.m., 20 views

[SECURITY] [DSA 2206-1] New mahara packages fix several vulnerabilities

Debian Security Advisory DSA 2206-1 [email protected] http://www.debian.org/security/ Martin Schulze March 29th, 2011 http://www.debian.org/security/faq -...

CVSS 5.8, AI score 6.6, EPSS 0.00442
Exploits 1
Tenable Nessus
added 2010/12/10 12:0 a.m., 26 views

FreeBSD : krb5 -- multiple checksum handling vulnerabilities (11bbccbc-03ee-11e0-bcdb-001fc61c2a55)

The MIT Kerberos team reports: MIT krb5 clients incorrectly accept unkeyed checksums in the SAM-2 preauthentication challenge. An unauthenticated remote attacker could alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC. Under some...

CVSS 3.7, AI score 6.2, EPSS 0.04735
Exploits 0, References 3
OpenVAS
added 2010/12/09 12:0 a.m., 32 views

Mandriva Update for krb5 MDVSA-2010:246 (krb5)

Check for the Version of krb5 OpenVAS Vulnerability Test Mandriva Update for krb5 MDVSA-2010:246 krb5 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CVSS 4.3, AI score 6.4, EPSS 0.04735
Exploits 0, References 2
OpenVAS
added 2010/12/09 12:0 a.m., 30 views

Mandriva Update for krb5 MDVSA-2010:245 (krb5)

Check for the Version of krb5 OpenVAS Vulnerability Test Mandriva Update for krb5 MDVSA-2010:245 krb5 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CVSS 2.6, AI score 6.2, EPSS 0.04735
Exploits 0, References 2
OpenVAS
added 2010/12/09 12:0 a.m., 30 views

Mandriva Update for krb5 MDVSA-2010:245 (krb5)

Check for the Version of krb5 OpenVAS Vulnerability Test Mandriva Update for krb5 MDVSA-2010:245 krb5 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CVSS 2.6, AI score 6.3, EPSS 0.04735
Exploits 0, References 2
FreeBSD
added 2010/11/30 12:0 a.m., 35 views

krb5 -- multiple checksum handling vulnerabilities

The MIT Kerberos team reports: MIT krb5 clients incorrectly accept unkeyed checksums in the SAM-2 preauthentication challenge. An unauthenticated remote attacker could alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC. Under some...

CVSS 3.7, AI score 6.2, EPSS 0.04735
Exploits 0, References 2
Prion
added 2010/09/14 5:0 p.m., 23 views

Session fixation

Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKDSESSIONKEY parameter...

CVSS 4.6, AI score 7.2, EPSS 0.00391
Exploits 0, References 1, Affected Software 1
seebug.org
added 2009/06/12 12:0 a.m., 13 views

Pivot 1.40.4-7 Multiple Remote Vulnerabilities

No description provided by source. Pivot - XSS and HTML Injection Vulnerabilities Versions Affected: 1.40.4 and 1.40.7 22nd March 2009 newest Info: Pivot is a web-based tool to help you maintain dynamic sites, like weblogs or online journals. Pivot is released under the GPL so it is completely fr...

AI score 7.1
Exploits 0