Lucene search

5302 matches found

Tenable Nessus
added 2013/07/12 12:0 a.m., 44 views

Oracle Linux 5 : openssl (ELSA-2010-0054)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0054 advisory. - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables 510197 Tenable has extracted the preceding description block directly from the Oracle Linux...

CVSS: 5.1, AI score: 7, EPSS: 0.08941
Exploits: 0, References: 3
Tenable Nessus
added 2013/07/12 12:0 a.m., 50 views

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2033)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-2033 advisory. - ipv6: make fragment identifications less predictable Joe Jin CVE-2011-2699 - vlan: fix panic when handling priority tagged frames Joe Jin...

CVSS: 9.1, AI score: 7.2, EPSS: 0.05689
Exploits: 6, References: 10
Tenable Nessus
added 2013/07/12 12:0 a.m., 31 views

Oracle Linux 3 : libtiff (ELSA-2008-0863)

From Red Hat Security Advisory 2008:0863 : Updated libtiff packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff packages contain a library of...

CVSS: 6.8, AI score: 7.7, EPSS: 0.0413
Exploits: 1, References: 2
Tenable Nessus
added 2013/07/12 12:0 a.m., 27 views

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2047)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-2047 advisory. - mm/hotplug: correctly add new zone to all other nodes zone lists Jiang Liu Orabug: 16020976 Bug-db: 14798 CVE-2012-5517 - Divide by zero in TCP...

CVSS: 4.7, AI score: 6.8, EPSS: 0.00979
Exploits: 4, References: 4
securityvulns
added 2013/07/10 12:0 a.m., 74 views

ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability

EMC Identifier: ESA-2013-029 CVE Identifier: CVE-2013-0941 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected Products: RSA Authentication API versions prior to 8.1 SP1 RSA Web Agent for Apache Web Server versions prior to 5.3.5 RSA Web Agent for IIS versions prior to...

CVSS: 2.1, AI score: 0.2, EPSS: 0.01263
Exploits: 0
RedHat Linux
added 2013/07/09 5:35 p.m., 2 views

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

CVSS: 6.4, AI score: 6.9, EPSS: 0.06322
Exploits: 0, References: 6
Tenable Nessus
added 2013/06/29 12:0 a.m., 53 views

CentOS 5 : java-1.6.0-openjdk (CESA-2009:1584)

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJD...

CVSS: 10, AI score: 7, EPSS: 0.65461
Exploits: 13, References: 18
Tenable Nessus
added 2013/06/29 12:0 a.m., 39 views

CentOS 5 : php53 (CESA-2012:1047)

Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

CVSS: 9.8, AI score: 8.9, EPSS: 0.99998
Exploits: 57, References: 10
NVD
added 2013/06/26 3:19 a.m., 19 views

CVE-2013-1699

The Internationalized Domain Name IDN display algorithm in Mozilla Firefox before 22.0 does not properly handle the .com, .name, and .net top-level domains, which allows remote attackers to spoof the address bar via unspecified homograph characters...

CVSS: 5, AI score: 6.4, EPSS: 0.0208
Exploits: 0, References: 5
seebug.org
added 2013/06/24 12:0 a.m., 26 views

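Tipask 2.0: cracking the encryption function leads to arbitrary user password modification

Brief description: The Tipask Q&A system is an open-source PHP program modeled on Baidu Zhidao. Designed around the usage habits of Chinese users, it uses an MVC architecture and offers fast performance, SEO friendliness, and a clean, simple interface. However, the encryption algorithm used in Tipask can potentially be cracked, which leads to vulnerabilities including arbitrary user password modification. Detailed description: In the core encryption function strcode: / General-purpose encryption/decryption function; phpwind, phpcms and dedecms all use this function / function strcode$string, $authkey, $action= 'ENCODE' $key = substrmd5$SERVER "HTTPUSERAGENT"...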

AI score: 7.1
Exploits: 0
Prion
added 2013/06/21 7:55 p.m., 15 views

Design/Logic Flaw

IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8...

CVSS: 4.3, AI score: 6.5, EPSS: 0.00748
Exploits: 0, References: 5, Affected Software: 1
Cvelist
added 2013/06/21 7:0 p.m., 30 views

CVE-2013-0523

IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8...

AI score: 6.1, EPSS: 0.00748
Exploits: 0, References: 5
Prion
added 2013/06/20 3:55 p.m., 32 views

Design/Logic Flaw

The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AROEM IN, AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300,...

CVSS: 6.5, AI score: 6.6, EPSS: 0.03453
Exploits: 0, References: 2, Affected Software: 66
NVD
added 2013/06/20 3:55 p.m., 28 views

CVE-2012-4960

The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AROEM IN, AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300,...

CVSS: 6.5, AI score: 6.2, EPSS: 0.03453
Exploits: 0, References: 2
Cvelist
added 2013/06/20 3:0 p.m., 32 views

CVE-2012-4960

The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AROEM IN, AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300,...

AI score: 6.2, EPSS: 0.03453
Exploits: 0, References: 2
CVE
added 2013/06/20 3:0 p.m., 69 views

CVE-2012-4960

CVE-2012-4960 covers a DES-based password encryption weakness in Huawei networking devices (including NE5000E, NE40E/80E, CX/ CX600, and related models). The root cause is use of DES for stored passwords, enabling brute-force or context-dependent attacks to recover cleartext passwords. Public adv...

CVSS: 6.5, AI score: 6.4, EPSS: 0.03453
Exploits: 0, References: 2, Affected Software: 66
Prion
added 2013/06/18 10:55 p.m., 21 views

Design/Logic Flaw

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect...

CVSS: 7.5, AI score: 6.1, EPSS: 0.06746
Exploits: 0, References: 22, Affected Software: 4
RedHat Linux
added 2013/06/18 2:41 p.m., 3 views

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

CVSS: 6.4, AI score: 6.9, EPSS: 0.06322
Exploits: 0, References: 6
RedHat Linux
added 2013/06/12 4:36 p.m., 3 views

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

CVSS: 6.4, AI score: 6.9, EPSS: 0.06322
Exploits: 0, References: 6
Positive Technologies
added 2013/05/29 12:0 a.m., 9 views

PT-2013-77: Using a weak hashing algorithm in SIMATIC WinCC Open Architecture

The specialists of the Positive Research center have detected a "Using a weak hashing algorithm" vulnerability in SIMATIC WinCC Open Architecture. The SIMATIC WinCC OA server application has a weak hashing algorithm for project users’ credentials. Attackers might be able to escalate their privileg...

CVSS: 7.5, AI score: 6.8, EPSS: 0.01691
Exploits: 1, References: 5