Input validation

A vulnerability in the implementation of Extensible Authentication Protocol over LAN EAPOL functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of...

CVE-2018-0412

A vulnerability in the implementation of Extensible Authentication Protocol over LAN EAPOL functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of...

CVE-2018-0412

The CVE-2018-0412 issue affects Cisco Small Business 100 Series and 300 Series Wireless Access Points, where improper processing of EAPOL messages during the Wi‑Fi handshake allows an unauthenticated adjacent attacker to downgrade the cipher from AES‑CCMP to WPA‑TKIP. This cryptographic downgrade...

CVE-2018-0412

A vulnerability in the implementation of Extensible Authentication Protocol over LAN EAPOL functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of...

Cisco Small Business 100 Series and 300 Series Wireless Access Points Encryption Algorithm Downgrade Vulnerability

A vulnerability in the implementation of Extensible Authentication Protocol over LAN EAPOL functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of...

CVE-2018-15124

Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device...

Design/Logic Flaw

Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device...

CVE-2018-15124

Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device...

Security Bulletin: IBM Spectrum Scale Object Protocols functionality (Linux Standard and Advanced) is affected by security vulnerabilities in the TLS and SSL protocols (CVE-2015-2808 and CVE-2014-3566)

Summary IBM Spectrum Scale Object Protocols functionality Linux Standard and Advanced is affected by security vulnerabilities in the TLS and SSL protocols CVE-2015-2808 and CVE-2014-3566 Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL...

[SECURITY] Fedora 28 Update: zziplib-0.13.69-1.fc28

The zziplib library is intentionally lightweight, it offers the ability to easily extract data from files archived in a single zip file. Applications can bundle files into a single zip archive and access them. The implementat ion is based only on the free subset of compression with the zlib...

Security feature bypass

Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients...

CVE-2017-17174

Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients...

CVE-2017-17174

Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients...

CVE-2017-17174

The CVE-2017-17174 entry corresponds to a weak algorithm vulnerability in multiple Huawei products (eSpace U1981, RSE6500, SoftCo, VP9660, etc.). An attacker who can observe TLS traffic between clients and affected devices could perform a Bleichenbacher attack on RSA key exchange to decrypt the s...

An attacker with Office vulnerability propagation FELIXROOT Backdoor-vulnerability warning-the black bar safety net

! One, the attack event details 2017 9 months, in response to Ukrainian attacks, FireEye found FELIXROOT Backdoor this malicious payload, and feedback to our intelligence perception of the customers. The attack activities using some malicious Ukrainian banks document that contains a macro, used t...

Update your devices: New Bluetooth flaw lets attackers monitor traffic

By Waqas The Bluetooth flaw also opens door to a man-in-the-middle attack. The IT security researchers at Israel Institute of Technology have discovered a critical security vulnerability in some implementations of the Bluetooth standard in which not all the parameters involved are appropriately...

FreeBSD : typo3 -- multiple vulnerabilities (ef013039-89cd-11e8-84e9-00e04c1ea73d)

Typo3 core team reports : It has been discovered that TYPO3's Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords...

Road navigation systems can be spoofed using $223 equipment

By Waqas Researchers from a number of renowned institutions including Virginia Tech, the University of Electronic Science and Technology of China and Microsoft Research have concluded that it is possible to spoof GPS signals and send people in the wrong direction. The ironic part is that such an...

openssl: BN_mod_exp may produce incorrect results on x86_64

There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed...

Autocrack - Hashcat Wrapper To Help Automate The Cracking Process

This python script is a Hashcat https://hashcat.net wrapper to help automate the cracking process. The script includes multiple functions to select a set of wordlists and rules, as well as the ability to run a bruteforce attack, with custom masks, before the wordlist/rule attacks. Autocrack uses...