5302 matches found

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

ASP Nuke - SQL Injection Vulnerability

No description provided by source. http://www.exploit-db.com/moaub11-asp-nuke-sql-injection-vulnerability/ Abysssec Inc Public Advisory Title : ASP Nuke Sql Injection...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

Painkiller <= 1.35 in-game cd-key alpha-numeric Buffer Overflow Exploit

No description provided by source. / by Luigi Auriemma / include stdio.h include stdlib.h include string.h include time.h / Painkiller packet's password encoder/decoder 0.1 by Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org INTRODUCTION ============ When you want to...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 22 views

Ventrilo <= 2.3.0 - Remote Denial of Service Exploit (all platforms)

No description provided by source. / by Luigi Auriemma Windows compiled version: http://aluigi.altervista.org/poc/ventboom.zip /str0ke / include stdio.h include stdlib.h include string.h / Ventrilo UDP status algorithm 0.1 by Luigi Auriemma e-mail: [email protected] web:...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 19 views

Ingenium Learning Management System 5.1/6.1 Reversible Password Hash Weakness

No description provided by source. source: http://www.securityfocus.com/bid/5970/info Ingenium Learning Management System uses a weak algorithm to hash user and administrative credentials. Passwords may be trivially obtained by reversing the password hash. An attacker must be able to gain...

7.1 AI score
Exploits: 0

securityvulns
added 2014/06/28 12:0 a.m. | 73 views

[oss-security] LMS-2014-06-16-5: Linux Kernel LZ4

Hello All, A vulnerability has been identified in the Linux kernel LZ4 implementation. Please find the bug report attached inline. Best, Don A. Bailey Founder / CEO Lab Mouse Security https://www.securitymouse.com/ Lab Mouse Security Report LMS-2014-06-16-5 Report ID: LMS-2014-06-16-5 CVE ID:...

5 CVSS | 0.1 AI score | 0.08103 EPSS
Exploits: 0

securityvulns
added 2014/06/28 12:0 a.m. | 109 views

[oss-security] LMS-2014-06-16-2: Linux Kernel LZO

Hello All, A vulnerability has been identified in the Linux kernel implementation of the LZO algorithm. Please find the bug report inline. Best, Don A. Bailey Founder / CEO Lab Mouse Security https://www.securitymouse.com/ Lab Mouse Security Report LMS-2014-06-16-2 Report ID: LMS-2014-06-16-2 CVE...

5 CVSS | 0.5 AI score | 0.05421 EPSS
Exploits: 0

ThreatPost
added 2014/06/27 1:31 p.m. | 16 views

20-Year Old Vulnerability Patched in Compression Algorithm

A 20-year old vulnerability in the Lempel-Ziv-Oberhumer LZO compression algorithm – used in some Android phones, the Linux kernel, and even Mars Rovers – was finally patched this week. Code stemming from the algorithm’s library function has existed in the wild for two decades, but was recycled ov...

0.4 AI score
Exploits: 0 | References: 3

Fedora
added 2014/06/27 2:28 a.m. | 25 views

[SECURITY] Fedora 20 Update: gnupg-1.4.17-1.fc20

GnuPG GNU Privacy Guard is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...

2.1 CVSS | 2.7 AI score | 0.00451 EPSS
Exploits: 0

Hacker One
added 2014/06/26 8:11 p.m. | 53 views

Internet Bug Bounty: LZ4 Core

Lab Mouse Security Report LMS-2014-06-16-6 Report ID: LMS-2014-06-16-6 CVE ID: CVE-2014-4611 Researcher Name: Don A. Bailey Researcher Organization: Lab Mouse Security Researcher Email: donb at securitymouse.com Researcher Website: www.securitymouse.com Vulnerability Status: Reported / No respons...

5 CVSS | 7.4 AI score | 0.08103 EPSS
Exploits: 0

ICS
added 2014/06/19 6:0 a.m. | 48 views

Schneider Electric SCADA Expert ClearSCADA Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-259-01 Schneider Electric SCADA Expert ClearSCADA Vulnerabilities that was published September 16, 2014, on the NCCIC/ICS-CERT web site. Independent researcher Aditya Sood has identified a weak hashing algorithm...

6.7 AI score
Exploits: 0 | References: 10

Tenable Nessus
added 2014/06/18 12:0 a.m. | 100 views

Cisco Windows Jabber Client Multiple Vulnerabilities in OpenSSL (cisco-sa-20140605-openssl)

The remote Windows host has a version of Cisco Jabber installed that is known to be affected by multiple OpenSSL related vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm ECDSA that could allow nonce disclosure via the 'FLUSH+RELOA...

7.4 CVSS | 7.5 AI score | 0.95326 EPSS
Exploits: 10 | References: 6

Tenable Nessus
added 2014/06/18 12:0 a.m. | 89 views

Cisco ONS 15400 Series Devices Multiple Vulnerabilities in OpenSSL

The remote Cisco ONS device is running a software version known to be affected by multiple OpenSSL related vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm ECDSA that could allow nonce disclosure via the 'FLUSH+RELOAD' cache...

4.3 CVSS | 7.7 AI score | 0.85784 EPSS
Exploits: 1 | References: 4

Tenable Nessus
added 2014/06/18 12:0 a.m. | 79 views

Cisco TelePresence MCU Series Devices Multiple Vulnerabilities in OpenSSL

The remote Cisco TelePresence MCU device is running a software version known to be affected by multiple OpenSSL related vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm ECDSA that could allow nonce disclosure via the 'FLUSH+RELOAD...

7.4 CVSS | 7.5 AI score | 0.95326 EPSS
Exploits: 10 | References: 5

NVD
added 2014/06/17 3:55 p.m. | 17 views

CVE-2014-4193

The TLS implementation in EMC RSA BSAFE-Java Toolkits aka Share for Java supports the Extended Random extension during use of the DualECDRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than...

5 CVSS | 6.1 AI score | 0.02069 EPSS
Exploits: 0 | References: 3

NVD
added 2014/06/17 3:55 p.m. | 17 views

CVE-2013-6078

The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager DPM 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation DualECDRBG algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging...

5.8 CVSS | 6.1 AI score | 0.01011 EPSS
Exploits: 0 | References: 4

Prion
added 2014/06/17 3:55 p.m. | 14 views

Code injection

The TLS implementation in EMC RSA BSAFE-C Toolkits aka Share for C and C++ sends a long series of random bytes during use of the DualECDRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than...

5 CVSS | 6.5 AI score | 0.0173 EPSS
Exploits: 0 | References: 2

Prion
added 2014/06/17 3:55 p.m. | 14 views

Default configuration

The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager DPM 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation DualECDRBG algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging...

5.8 CVSS | 6.5 AI score | 0.01407 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Tenable Nessus
added 2014/06/13 12:0 a.m. | 13 views

openSUSE Security Update : libgcrypt (openSUSE-SU-2013:1294-1)

libgcrypt was updated to 1.5.3 bnc831359 to fix a security issue, bugs and get some new features : Security issue fixed : - Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. See . - contains changes from 1.5.2 - The upstream sources now contain the IDEA algorithm,...

5.4 AI score
Exploits: 0 | References: 4

Tenable Nessus
added 2014/06/13 12:0 a.m. | 20 views

openSUSE Security Update : xtrabackup (openSUSE-SU-2013:1864-1)

Percona XtraBackup was updated to 2.1.6 bnc852224 - New Features : - New innobackupex --force-non-empty-directories option - now supports logs created with the new log block checksums - New Features specific to MySQL 5.6: option innodblogchecksumalgorithm in Percona Server 5.6 - Bugs Fixed : -...

2.1 CVSS | 6.5 AI score | 0.0038 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2014/06/13 12:0 a.m. | 32 views

openSUSE Security Update : glibc (openSUSE-SU-2011:0921-1)

The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters e.g. umlauts. Affected passwords are potentially faster to crack via brute-force methods CVE-2011-2483. SUSE's crypt implementation supports the blowfish password hashing...

5 CVSS | 7.2 AI score | 0.04972 EPSS
Exploits: 0 | References: 3