Lucene search

5302 matches found

CVE
added 2014/09/18 10:0 a.m., 48 views

CVE-2014-5413

CVE-2014-5413 affects Schneider Electric StruxureWare SCADA Expert ClearSCADA (2010 R3 through 2014 R1). The root issue is weak cryptographic controls: the self-signed web certificate uses MD5, enabling potential cryptographic spoofing of servers. Additionally, ICS-CERT describes a cross-site scr...

CVSS 6.4, AI score 6.7, EPSS 0.01028
Exploits: 0, References: 3, Affected Software: 2

Cvelist
added 2014/09/18 10:0 a.m., 26 views

CVE-2014-5413 Schneider Electric SCADA Expert ClearSCADA Cryptographic Issues

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm...

CVSS 6.4, AI score 6.5, EPSS 0.01028
Exploits: 0, References: 2

ThreatPost
added 2014/09/09 8:37 a.m., 11 views

More 1024-Bit Certificates to Be Deprecated in Firefox

When Mozilla released Firefox 32 last week, the company removed several root certificates from the trust store for the browser. The move wasn’t because the certificates were fraudulent or the CAs that issued them were compromised, but because the certificates use 1024-bit keys. This is the first...

AI score 1.5
Exploits: 0, References: 7

OpenVAS
added 2014/09/02 12:0 a.m., 20 views

SNMP Authorization

This script allows users to enter the information required to authorize and login via SNMP. These data are used by tests that require authentication. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respectiv...

AI score 6.8
Exploits: 0

Prion
added 2014/08/29 9:55 a.m., 17 views

Information disclosure

The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection...

CVSS 3.5, AI score 6.5, EPSS 0.00591
Exploits: 0, References: 3, Affected Software: 1

Tenable Nessus
added 2014/08/23 12:0 a.m., 17 views

Fedora 20 : php-htmlpurifier-htmlpurifier-4.6.0-1.fc20 (2014-9361)

HTML Purifier 4.6.0 is a major security release, fixing numerous bad quadratic asymptotics in HTML Purifier's core algorithms. Most users will see a decent speedup on large inputs, although small inputs may take longer. Additionally, the secure URI munging algorithm has changed to do a proper HMA...

AI score 5.5
Exploits: 0, References: 2

n0where
added 2014/08/21 6:11 p.m., 38 views

HashCat Introduction: Break That Hash

When the Bitcoin mining craze hit its peak, people felt the tug to join this new community and make some easy money. The concepts behind Bitcoin mining intrigued me, in particular the new use of graphics processors (GPUs). With a moderately expensive video card, you could bring in enough money to p...

AI score 6.7
Exploits: 0

GoogleProjectZero
added 2014/08/21 12:0 a.m., 37 views

What does a pointer look like, anyway?

Posted by Chris Evans, Renderer of Modern Art. In Adobe’s August 2014 Flash Player security update, we see: These updates resolve memory leakage vulnerabilities that could be used to bypass memory address randomization (CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545). I...

CVSS 10, AI score 6.5, EPSS 0.03978
Exploits: 0

ThreatPost
added 2014/08/14 4:58 p.m., 9 views

NewGOZ Gameover Zeus Botnet Rebuilds

It didn’t take long for an updated version of GameOver Zeus to make some headway in rebuilding itself. Research published today from Arbor Networks demonstrates that cybercriminals behind GameOver Zeus, which was taken down by law enforcement in early June, have renewed the botnet with at least...

AI score 0.9
Exploits: 0, References: 3

Tenable Nessus
added 2014/08/14 12:0 a.m., 898 views

OpenSSL 'ChangeCipherSpec' MiTM Vulnerability

The OpenSSL service on the remote host is vulnerable to a man-in-the-middle (MiTM) attack, based on its acceptance of a specially crafted handshake. This flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material ha...

CVSS 7.4, AI score 7.5, EPSS 0.99977
Exploits: 14, References: 10

Tenable Nessus
added 2014/08/12 12:0 a.m., 110 views

HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities

The RPM installation of HP Version Control Agent (VCA) on the remote Linux host is a version prior to 7.3.3. It is, therefore, affected by multiple vulnerabilities in the bundled version of SSL: - An error exists in the 'ssl3_read_bytes' function that permits data to be injected into other sessions ...

CVSS 7.4, AI score 8.1, EPSS 0.99977
Exploits: 14, References: 9

seebug.org
added 2014/08/11 12:0 a.m., 36 views

Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm

No description provided by source. Exploit Title: Sky Broadband Router – Weak algorithm used to generate WPA-PSK Key Google Dork: Date: 08/08/2014 Author: Matt O'Connor / Planit Computing Advisory Link: http://www.planitcomputing.ie/sky-wifi-attack.pdf Version: Category: Remote Tested on: Sky SR1...

AI score 7.1
Exploits: 0

exploitpack
added 2014/08/09 12:0 a.m., 26 views

Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm

Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm Exploit Title: Sky Broadband Router – Weak algorithm used to generate WPA-PSK Key Google Dork: Date: 08/08/2014 Author: Matt O'Connor / Planit Computing Advisory Link: http://www.planitcomputing.ie/sky-wifi-attack.pdf Version: Categor...

AI score 7.4
Exploits: 0

Exploit DB
added 2014/08/09 12:0 a.m., 33 views

Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm

Exploit Title: Sky Broadband Router – Weak algorithm used to generate WPA-PSK Key Google Dork: Date: 08/08/2014 Author: Matt O'Connor / Planit Computing Advisory Link: http://www.planitcomputing.ie/sky-wifi-attack.pdf Version: Category: Remote Tested on: Sky SR101 Router The SR101 routers supplie...

AI score 7
Exploits: 0

CERT
added 2014/08/07 12:0 a.m., 41 views

Cobham Aviator satellite terminals contain multiple vulnerabilities

Overview: Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities. Description: Cobham Aviator 700D and 700E satellite communication terminals contain the following vulnerabilities: CWE-327: Use of a Broken or Risky Cryptographic Algorithm - CVE-2014-2942 Please note that th...

CVSS 7.2, AI score 6.8, EPSS 0.00486
Exploits: 0, References: 3

Mageia
added 2014/08/06 10:31 a.m., 39 views

Updated eet packages fix security vulnerability

Integer overflow in the LZ4 algorithm implementation on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an AP...

CVSS 5, AI score 8, EPSS 0.08103
Exploits: 0, References: 3

OSV
added 2014/08/06 10:31 a.m., 6 views

MGASA-2014-0321 Updated eet packages fix security vulnerability

Integer overflow in the LZ4 algorithm implementation on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an AP...

CVSS 5, AI score 7.2, EPSS 0.08103
Exploits: 0, References: 4

Tenable Nessus
added 2014/08/04 12:0 a.m., 98 views

IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities

IBM WebSphere Application Server 8.0 prior to Fix Pack 9 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacke...

CVSS 7.8, AI score 7.9, EPSS 0.83175
Exploits: 13, References: 25

ThreatPost
added 2014/07/31 12:22 p.m., 11 views

New GameOver Zeus Botnet Malware Variant Surfaces

The GameOver Zeus takedown was trumpeted as a victory against cybercrime, and for all its success, even those involved understood it was likely a temporary win. Researchers at Seculert have spotted a new variant of GameOver Zeus that has spurned previous versions’ peer-to-peer communication...

AI score 1.3
Exploits: 0, References: 4

Amazon
added 2014/07/31 12:0 a.m., 55 views

Important: java-1.6.0-openjdk

Issue Overview: It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discover...

CVSS 9.3, AI score 8.5, EPSS 0.06118
Exploits: 0, References: 1