Lucene search

5304 matches found

Prion
added 2016/03/24 1:59 a.m. | 23 views

Code injection

Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors...

CVSS 5 | AI score 6.5 | EPSS 0.02001
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2016/03/24 1:00 a.m. | 83 views

CVE-2016-1777

CVE-2016-1777 is documented as a vulnerability where RC4 was supported by the Web Server in Apple OS X Server (before 5.1). The connected Apple security entries indicate that RC4 was removed as a default cipher in macOS security updates, addressing the issue (CVE-2016-1777) and associated CVEs by...

CVSS 7.5 | AI score 6.3 | EPSS 0.02001
Exploits: 0 | References: 4 | Affected Software: 1
Node.js
added 2016/03/21 5:05 p.m. | 33 views

Forgeable Public/Private Tokens

Overview Affected versions of the jwt-simple package allow users to select what algorithm the server will use to verify a provided JWT. A malicious actor can use this behaviour to arbitrarily modify the contents of a JWT while still passing verification. For the common use case of the JWT, the en...

CVSS 4 | AI score 3.4 | EPSS 0.04898
Exploits: 2 | Affected Software: 1
myhack58
added 2016/03/12 12:00 a.m. | 11 views

OpenSSL CVE-2016-0800 and CVE-2016-0703 bug fixes the details of pick-up fun - vulnerability warning - the black bar safety net

Details 360 including a portion of the information security practice of course, the “360 Information Security Department” progressively adhering to best security practices in the https and other ssl fields gradually made significant changes. Such as important system to prohibit unsafe cipher...

Exploits: 0
BDU FSTEC
added 2016/03/11 12:00 a.m. | 5 views

The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure or cause other effects.

The vulnerability of the ProcessCommandsInternal function in the Brotli data compression algorithm used by Google Chrome can be exploited due to a loss of precision in integer calculations. Exploiting this vulnerability may allow an attacker to cause a service failure buffer overflow, or possibly...

CVSS 6.8 | AI score 7.7 | EPSS 0.01352
Exploits: 0 | References: 4 | Affected Software: 1
The Hacker News
added 2016/03/04 6:26 a.m. | 12 views

How to Steal Secret Encryption Keys from Android and iOS SmartPhones

Unlike desktops, your mobile devices carry all sorts of information from your personal emails to your sensitive financial details. And due to this, the hackers have shifted their interest to the mobile platform. Every week new exploits are discovered for iOS and Android platform, most of the time...

AI score 6
Exploits: 0
Tenable Nessus
added 2016/03/04 12:00 a.m. | 26 views

Fedora 22 : prosody-0.9.10-1.fc22 (2016-e2c5111eda)

Prosody 0.9.10. A summary of changes in this release. Security: mod_dialback: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks (CVE-2016-0756). Fixes and improvements: Startup: Open /dev/urandom read-only, to fix a failure to...

CVSS 5.3 | AI score 6.1 | EPSS 0.02055
Exploits: 0 | References: 3
ThreatPost
added 2016/03/01 5:10 p.m. | 11 views

Crypto Panel Experts Clash on FBI-Apple Debate

SAN FRANCISCO—One would think that six of the smartest security people on the planet could come to some sort of collective conclusion on the FBI-Apple debate. But that wasn’t the case today during the annual Cryptographers’ Panel at RSA Conference. The debate over whether Apple should assist the...

AI score 6.8
Exploits: 0
RedHat Linux
added 2016/03/01 4:07 p.m. | 5 views

OpenSSL: Double-free in DSA code

A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash...

CVSS 10 | AI score 7.3 | EPSS 0.26335
Exploits: 1 | References: 4
n0where
added 2016/02/29 11:41 p.m. | 21 views

Recursively Crawl Single Page Applications: htcap

htcap is a web application scanner able to crawl single page application (SPA) in a recursive manner by intercepting ajax calls and DOM changes. Htcap is not just another vulnerability scanner since it’s focused mainly on the crawling process and uses external tools to discover vulnerabilities. It’...

AI score 7.9
Exploits: 0 | References: 1
OSV
added 2016/02/28 4:59 a.m. | 2 views

DEBIAN-CVE-2016-2524

epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...

CVSS 5.9 | AI score 5.4 | EPSS 0.01865
Exploits: 0 | References: 1
UbuntuCve
added 2016/02/28 4:59 a.m. | 21 views

CVE-2016-2524

epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...

CVSS 5.9 | AI score 6.6 | EPSS 0.01865
Exploits: 0 | References: 5
OSV
added 2016/02/28 4:59 a.m. | 0 views

UBUNTU-CVE-2016-2524

epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...

CVSS 5.9 | AI score 6.6 | EPSS 0.01865
Exploits: 0 | References: 6
Positive Technologies
added 2016/02/22 12:00 a.m. | 10 views

PT-2016-1332

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.1 through 1.0.1s; OpenSSL versions 1.0.2 through 1.0.2g; MySQL Server versions 5.6.29 and earlier; MySQL Server versions 5.7.11 and earlier. Description: A double free vulnerability in the dsa_priv_decode function in...

CVSS 10 | AI score 8.4 | EPSS 0.99999
Exploits: 182 | References: 393
seebug.org
added 2016/02/17 12:00 a.m. | 21 views

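OpenSSL encryption algorithm cracking vulnerability

1. Vulnerability analysis: OpenSSL is a general-purpose open-source cryptographic library that implements the Secure Sockets Layer and Transport Layer Security protocols and supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, and secure hash algorithms. OpenSSL contains an encryption algorithm cracking vulnerability, but the vulnerability requires all of the following conditions to be met at the same time: the OpenSSL version is 1.0.2 through 1.0.2e; the ephemeral key generated by the signature algorithm of the application that depends on OpenSSL must be based on Diffie...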

AI score 7.1
Exploits: 0
UbuntuCve
added 2016/02/16 2:59 a.m. | 31 views

CVE-2015-7576

The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...

CVSS 4.3 | AI score 6.8 | EPSS 0.04857
Exploits: 0 | References: 2
Tenable Nessus
added 2016/02/10 12:00 a.m. | 50 views

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2016-643) (SLOTH)

An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox...

CVSS 10 | AI score 7.8 | EPSS 0.14714
Exploits: 0 | References: 8
myhack58
added 2016/02/04 12:00 a.m. | 13 views

OpenSSL CVE-2016-0701 Private Key Recovery attack vulnerability analysis - vulnerability warning - the black bar safety net

by: au2o3t @ 360 Cloud Security Team. 0x01 Foreword: On 2016/1/28, OpenSSL officially published the vulnerability numbered CVE-2016-0701. The vulnerability occurs in OpenSSL 1.0.2 (OpenSSL 1.0.2f and later versions are not affected), when using the DH algorithm to a different client...

Exploits: 0
Tenable Nessus
added 2016/02/03 12:00 a.m. | 251 views

RHEL 5 : java-1.7.0-ibm (RHSA-2016:0100) (SLOTH)

Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

CVSS 10 | AI score 7.7 | EPSS 0.14714
Exploits: 1 | References: 24
RedHat Linux
added 2016/02/02 10:04 a.m. | 55 views

Critical: Red Hat Security Advisory: java-1.7.0-ibm security update

Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

CVSS 10 | AI score 6.8 | EPSS 0.14714
Exploits: 1 | References: 12