3242 matches found
CVE-2015-6728
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack...
Cross site request forgery (csrf)
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack...
CVE-2015-6728
CVE-2015-6728 affects MediaWiki releases prior to 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2. The ApiBase::getWatchlistUser function does not perform token comparison in constant time, enabling a timing attack to guess the watchlist CSRF token and bypass CSRF protection. Connected so...
CVE-2015-6728
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack...
CVE-2015-6728
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack...
MGASA-2015-0317 Updated libcryptopp package fixes security vulnerability
Evgeny Sidorov discovered that libcryptopp did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key CVE-2015-2141...
Updated libcryptopp package fixes security vulnerability
Evgeny Sidorov discovered that libcryptopp did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key CVE-2015-2141...
Flash Broker-Based - Sandbox Escape via Timing Attack Against File Moving
Flash Broker-Based - Sandbox Escape via Timing Attack Against File Moving Source: https://code.google.com/p/google-security-research/issues/detail?id=280&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id FlashBroker - BrokerMoveFileEx TOCTOU IE PM Sandbox Escape 1. Windows 8....
Flash Broker-Based Sandbox Escape via Timing Attack Against File Moving Exploit
Exploit for windows platform in category remote exploits...
Flash Broker-Based - Sandbox Escape via Timing Attack Against File Moving
Source: https://code.google.com/p/google-security-research/issues/detail?id=280&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id FlashBroker - BrokerMoveFileEx TOCTOU IE PM Sandbox Escape 1. Windows 8.1 Internet Explorer Protected Mode Bypass in FlashBroker FlashBroker is...
[SECURITY] [DSA 3332-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3332-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst August 11, 2015 https://www.debian.org/security/faq -...
Fedora 23 : wordpress-4.2.4-1.fc23 (2015-12750)
WordPress 4.2.4 Security and Maintenance Release WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a...
mediawiki -- multiple vulnerabilities
MediaWiki reports: Internal review discovered that Special:DeletedContributions did not properly protect the IP of autoblocked users. This fix makes the functionality of Special:DeletedContributions consistent with Special:Contributions and Special:BlockList. Internal review discovered that...
wordpress: multiple issues
CVE-2015-2213: SQL injection in comments ID. - CVE-2015-5730: Timing attack in widgets. - CVE-2015-5731: Denial of service by locking a post from being edited. - CVE-2015-5732, CVE-2015-5733 CVE-2015-5734: XSS...
WordPress <= 4.2.3 - Timing Side Channel Attack
...
WordPress < 4.2.4 Multiple Vulnerabilities
According to its version number, the WordPress application running on the remote web server is prior to 4.2.4. It is, therefore, potentially affected by multiple vulnerabilities : - A SQL injection vulnerability exists in the post.php script due to a failure to sanitize user-supplied input to the...
OracleVM 3.3 : gnutls (OVMSA-2015-0101)
The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2015-0282 1198159 - fix CVE-2015-0294 1198159 - Corrected value initialization in mpi printing 1129241 - Check for expiry information in the CA certificates 1159778 - fix issue with integer...
OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...
crypto++: private key recovery
Evgeny Sidorov discovered that it is possible to recover the private key when using Rabin-Williams signatures due to a bad interaction with the blinding value used to mask private key operations. The bad interaction had to do with the random value not meeting certain Jacobi requirements, which...
OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...