Lucene search
K

3242 matches found

Prion
Prion
added 2013/02/08 8:55 p.m.26 views

Code injection

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...

5.1CVSS8AI score0.05281EPSS
Exploits0References19Affected Software1
OSV
OSV
added 2013/02/08 8:55 p.m.0 views

UBUNTU-CVE-2013-0263

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...

5.1CVSS7AI score0.05281EPSS
Exploits0References3
Cvelist
Cvelist
added 2013/02/08 8:0 p.m.27 views

CVE-2013-0263

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...

7.3AI score0.05281EPSS
Exploits0References19
Debian CVE
Debian CVE
added 2013/02/08 8:0 p.m.28 views

CVE-2013-0263

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...

5.1CVSS8.9AI score0.05281EPSS
Exploits0
CVE
CVE
added 2013/02/08 8:0 p.m.95 views

CVE-2013-0263

CVE-2013-0263 is a timing-attack vulnerability in Rack::Session::Cookie that allows remote attackers to guess the session cookie, potentially gain privileges, and execute arbitrary code. It affects Rack versions prior to patched releases: 1.5.2 (1.5.x), 1.4.5 (1.4.x), 1.3.10 (1.3.x), 1.2.8 (1.2.x...

5.1CVSS7.5AI score0.05281EPSS
Exploits0References19Affected Software1
OSV
OSV
added 2013/02/08 7:55 p.m.17 views

CVE-2013-1619

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks...

6AI score
Exploits0References16
FreeBSD
FreeBSD
added 2013/02/08 12:0 a.m.33 views

Ruby Rack Gem -- Multiple Issues

Rack developers report: Today we are proud to announce the release of Rack 1.4.5. Fix CVE-2013-0263, timing attack against Rack::Session::Cookie Fix CVE-2013-0262, symlink path traversal in Rack::File...

5.1CVSS6.4AI score0.05281EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2013/02/08 12:0 a.m.9 views

PT-2013-1213 · Openssl +6 · Polarssl +8

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 1.3.0 OpenJDK versions prior to 1.3.0 PolarSSL versions prior to 1.3.0 Description: The issue concerns the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, which do not properly consider timing side-channe...

10CVSS7.8AI score0.99999EPSS
Exploits358References887
RubySec
RubySec
added 2013/02/07 12:0 a.m.40 views

CVE-2013-0263 rubygem-rack: Timing attack in cookie sessions

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...

5.1CVSS7.3AI score0.05281EPSS
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2013/02/05 12:0 a.m.64 views

Linux Kernel 2.6.32-5 (Debian 6.0.5) - '/dev/ptmx' Key Stroke Timing Local Disclosure

!/bin/bash ptmx-su-pwdlen.sh -- This PoC determine the password length of a local user who runs "su -". Done thanks to the ptmx keystroke timing attack CVE-2013-0160. See http://vladz.devzero.fr/013ptmx-timing.php for more information. Tested on Debian 6.0.5 kernel 2.6.32-5-amd64. "THE BEER-WARE...

2.1CVSS6.5AI score0.00732EPSS
Exploits6
exploitpack
exploitpack
added 2013/02/05 12:0 a.m.38 views

Linux Kernel 2.6.32-5 (Debian 6.0.5) - devptmx Key Stroke Timing Local Disclosure

Linux Kernel 2.6.32-5 Debian 6.0.5 - devptmx Key Stroke Timing Local Disclosure !/bin/bash ptmx-su-pwdlen.sh -- This PoC determine the password length of a local user who runs "su -". Done thanks to the ptmx keystroke timing attack CVE-2013-0160. See http://vladz.devzero.fr/013ptmx-timing.php for...

2.1CVSS6.6AI score0.00732EPSS
Exploits6
Opera Security Advisories
Opera Security Advisories
added 2013/01/29 12:0 a.m.6 views

TLS response timings can indicate network contents – Opera Security Advisories

When Opera receives incorrectly encrypted network data, Opera will detect this, and let the sender know that the data was not understood. Such encrypted error responses are marginally faster than regular responses. An attacker with access to the network, can by replacing network data measure...

5.8AI score
Exploits0References1
NVD
NVD
added 2012/12/18 1:55 a.m.27 views

CVE-2012-5607

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."...

5CVSS6.7AI score0.02102EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2012/12/18 1:55 a.m.40 views

CVE-2012-5607

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."...

5CVSS5.9AI score0.02102EPSS
Exploits0References4
Cvelist
Cvelist
added 2012/12/18 1:0 a.m.29 views

CVE-2012-5607

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."...

6.7AI score0.02102EPSS
Exploits0References4
CVE
CVE
added 2012/12/18 1:0 a.m.64 views

CVE-2012-5607

The CVE-2012-5607 issue affects versions 4.0.9 and 4.5.0 where the Lost Password reset does not properly validate the security token, enabling a remote timing-attack-based password change. The underlying problem is the token comparison during password reset, which could let an attacker overwrite...

5CVSS6.9AI score0.02102EPSS
Exploits0References4Affected Software2
OwnCloud
OwnCloud
added 2012/08/24 11:42 a.m.52 views

Server: Timing attack on the password reset

The "Lost Password" implementation is vulnerable to a Remote Timing Attack. The token used to secure the password reset is fetched from the database and compared to the user-specified value using the equals operator. An attacker successfully rebuilding the token can then specify an arbitrary...

5CVSS6.4AI score0.02102EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2012/08/24 9:42 a.m.46 views

Timing attack on the password reset - ownCloud

The "Lost Password" implementation is vulnerable to a Remote Timing Attack. The token used to secure the password reset is fetched from the database and compared to the user-specified value using the equals operator. An attacker successfully rebuilding the token can then specify an arbitrary...

5CVSS6.4AI score0.02102EPSS
Exploits0Affected Software1
NVD
NVD
added 2012/08/08 10:26 a.m.23 views

CVE-2012-2191

IBM Global Security Kit aka GSKit before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to...

5CVSS6.8AI score0.0388EPSS
Exploits0References6
Cvelist
Cvelist
added 2012/08/08 10:0 a.m.28 views

CVE-2012-2191

IBM Global Security Kit aka GSKit before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to...

6.8AI score0.0388EPSS
Exploits0References6
Rows per page
Query Builder