CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilties

Overview CSL DualCom GPRS CS2300-R alarm signalling boards, firmware versions v1.25 to v3.53, contain multiple vulnerabilties. Description CSL DualCom GPRS CS2300-R alarm signalling boards are secure premises transmitters SPT that notify alarm receiving centers ARC when an alarm system is tripped...

Siemens SIMATIC STEP 7 TIA Portal Vulnerabilities

OVERVIEW Aleksandr Timorin from Positive Technologies has identified authentication vulnerabilities in the Siemens SIMATIC STEP 7 TIA Portal application. Siemens has produced a service pack that mitigates these vulnerabilities. AFFECTED PRODUCTS The following Siemens products are affected: SIMATI...

wireshark: WebSocket DoS (wnpa-sec-2015-13)

epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service CPU consumption via a crafted packet...

The first Linux ransomware 马失前蹄: encryption vulnerabilities can be compromised-the vulnerability warning-the black bar safety net

In Windows have long had ransomware（ransom ransomware, until Linux in Linux. Encoder. 1, which is the first linux ransomware. This software acts with CryptoWall And TorLocker and other infamous Trojan horse software is very similar. Hackers use ransomware cases In hack remote use of popular...

WAP - Web Application Protection

WAP is a source code static analysis and data mining tool to detect and correct input validation vulnerabilities in web applications written in PHP version 4.0 or higher with a low rate of false positives. WAP detects and corrects the following vulnerabilities: SQL Injection SQLI Cross-site...

Microsoft Considers Earlier SHA-1 Deprecation Deadline

Tech companies continue to back away from SHA-1 like it’s an infectious disease. Microsoft, which already had plans to deprecate the crusty cryptographic algorithm by the start of 2017, decided this week to move up that deadline six months. The company said it’s considering whether it will start...

Scientific Linux Security Update : libreswan on SL7.x x86_64 (20151104)

A flaw was discovered in the way Libreswan's IKE daemon processed IKE KE payloads. A remote attacker could send specially crafted IKE payload with a KE payload of g^x=0 that, when processed, would lead to a denial of service daemon crash. CVE-2015-3240 Note: Please note that when upgrading from a...

Tinba Variant Spotted Targeting Russian, Japanese Banks

Cybercriminals behind the Tinba banking Trojan have been homing in on some of the larger banks in Russia and Japan, experts claim. According to researchers with Dell SecureWorks, who looked at an instance of the malware last month, configuration files in one variant are targeting one of the...

OpenJDK: incomplete constraints enforcement by AlgorithmChecker (Security, 8131291)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security...

OpenJDK: incomplete constraints enforcement by AlgorithmChecker (Security, 8131291)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security...

OpenJDK: incomplete constraints enforcement by AlgorithmChecker (Security, 8131291)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security...

OpenJDK: incomplete constraints enforcement by AlgorithmChecker (Security, 8131291)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security...

Verification Bypass

Overview Versions 4.2.1 and earlier of jsonwebtoken are affected by a verification bypass vulnerability. This is a result of weak validation of the JWT algorithm type, occuring when an attacker is allowed to arbitrarily specify the JWT algorithm. Recommendation Update to version 4.2.2 or later...

MS KB2960358: Update for Disabling RC4 in .NET TLS

The remote host is missing an update for disabling the weak RC4 cipher suite in .NET TLS. Note that even though .NET Framework 4.6 itself is not affected, any Framework 4.5, 4.5.1, or 4.5.2 application that runs on a system that has 4.6 installed is affected. C Tenable Network Security, Inc...

Practical SHA-1 Collision Attack Months Away

When Bruce Schneier made his oft-cited and mathematically sound projections about the life expectancy of the SHA-1 cryptographic algorithm, he didn’t think he was being conservative. “I thought I was being accurate given the information I had at the time,” Schneier said on Thursday. Schneier in...

Collision Attack: Widely Used SHA-1 Hash Algorithm Needs to Die Immediately

SHA-1 – one of the Internet's widely adopted cryptographic hash function – is Just about to Die. Yes, the cost and time required to break the SHA1 algorithm have fallen much faster than previously expected. According to a team of researchers, SHA-1 is so weak that it may be broken and compromised...

openSUSE Security Update : python-PyJWT (openSUSE-2015-620)

python-PyJWT was updated to fix unsafe usage of asymmetric keys in combination with HMAC algorithm bsc935544 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2015-620. The text...

SSL Certificate Signed Using SHA-1 Algorithm

The remote service uses an SSL certificate chain that has been signed with SHA-1, a cryptographically weak hashing algorithm. This signature algorithm is known to be vulnerable to collision attacks. An attacker can potentially exploit this to generate another certificate with the same digital...

Cisco Ironport Appliances Privilege Escalation Vulnerability

Cisco Ironport Appliances Privilege Escalation Vulnerability Vendor: Cisco Product webpage: http://www.cisco.com Affected versions: Cisco Ironport ESA - AsyncOS 8.5.5-280 Cisco Ironport WSA - AsyncOS 8.0.5-075 Cisco Ironport SMA - AsyncOS 8.3.6-0 Date: 22/05/2014 Credits: Glafkos Charalambous CVE...

DESTOON V6.0 (2015-09-16) 前台无需登入sql 注入一枚

简要描述： 看了一晚上。还好挖到了、 涉及算法非暴力，以及一些sql姿势。 通宵提交的漏洞，可能算法剖析那写的有点不清楚，那就重复看几遍 = = 写了这么多，其实我就是想求个精华 详细说明： --------------------------------------------------------------------- 1 算法剖析篇 ------------- 相比以前 索马里的海贼 大牛破解的， 最新版的算法以及做了很大的改进。 function encrypt$txt, $key = '' $key or $key = DTKEY; $rnd = random32; $t...