Lucene search

5302 matches found

RedHat Linux
added 2013/05/28 5:36 p.m., 3 views

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

CVSS: 6.4, AI score: 6.9, EPSS: 0.06322
Exploits: 0, References: 6
RedHat Linux
added 2013/05/28 5:35 p.m., 7 views

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

CVSS: 6.4, AI score: 6.9, EPSS: 0.06322
Exploits: 0, References: 6
NVD
added 2013/05/27 2:55 p.m., 22 views

CVE-2013-2953

IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 relies on the MD5 algorithm for signatures in X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof SSL servers via a crafted certificate...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00477
Exploits: 0, References: 1
Prion
added 2013/05/27 2:55 p.m., 10 views

Design/Logic Flaw

IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 relies on the MD5 algorithm for signatures in X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof SSL servers via a crafted certificate...

CVSS: 4.3, AI score: 6.3, EPSS: 0.00477
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2013/05/27 2:0 p.m., 20 views

CVE-2013-2953

IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 relies on the MD5 algorithm for signatures in X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof SSL servers via a crafted certificate...

AI score: 5.8, EPSS: 0.00477
Exploits: 0, References: 1
NVD
added 2013/05/22 1:29 p.m., 47 views

CVE-2013-0941

EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the no...

CVSS: 2.1, AI score: 5.6, EPSS: 0.01263
Exploits: 0, References: 1
Cvelist
added 2013/05/22 10:0 a.m., 45 views

CVE-2013-0941

EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the no...

AI score: 5.6, EPSS: 0.01263
Exploits: 0, References: 1
CVE
added 2013/05/22 10:0 a.m., 183 views

CVE-2013-0941

CVE-2013-0941 affects RSA/SecurID components. The node secret in affected products is stored using a dated encryption algorithm with a weak key, exposing confidentiality and integrity risk for local communications between RSA/Access Manager components. Affected: RSA Authentication API up to 8.1 S...

CVSS: 2.1, AI score: 5.7, EPSS: 0.01263
Exploits: 0, References: 1, Affected Software: 1
RedHat Linux
added 2013/05/20 2:27 p.m., 3 views

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

CVSS: 6.4, AI score: 6.9, EPSS: 0.06322
Exploits: 0, References: 6
ThreatPost
added 2013/05/17 12:25 p.m., 13 views

PushDo Malware DGA Now Generates .KZ Domains

For every punch a hacker throws, there is a counter from a security company, and then, inevitably, the hacker adjusts again. That’s what’s happening right now with the PushDo malware. This week, Dell SecureWorks, Damballa Lab and Georgia Tech University combined on a research report exposing the...

AI score: 7.5
Exploits: 0, References: 3
ThreatPost
added 2013/05/15 4:6 p.m., 12 views

PushDo Malware Returns with Domain Generation Algorithm

Four times since 2008, authorities and technology companies have taken the prolific PushDo malware and Cutwail spam botnet offline. Yet much like the Energizer Bunny, it keeps coming back for more. In early March, researchers at Damballa discovered a new version of the malware that had adopted a...

AI score: 0.3
Exploits: 0, References: 2
Tenable Nessus
added 2013/04/30 12:0 a.m., 20 views

Google Apps Directory Sync < 3.1.6 Weak Stored Credential Local Disclosure

The version of Google Apps Directory Sync installed on the remote host is earlier than 3.1.6 and is, therefore, affected by a weak stored credential local disclosure vulnerability. An issue exists in the way 'PBEwithMD5andDES' Java encryption algorithm is implemented, allowing a local attacker to...

AI score: 5.6
Exploits: 0, References: 2
ThreatPost
added 2013/04/29 8:36 p.m., 21 views

LivingSocial Ups its Password Encryption After Breach

The popular daily deal site LivingSocial announced Monday it has abandoned the SHA1 hash for Blowfish’s bcrypt following a massive data breach that impacted 50 million customers. The company confirmed last weekend that its computer systems were attacked and thieves gained access to names, e-mail...

AI score: 1
Exploits: 0, References: 1
OpenVAS
added 2013/04/09 12:0 a.m., 273 views

SSL/TLS: Collect and Report Certificate Details

This script collects and reports the details of all SSL/TLS certificates. This data will be used by other tests to verify server certificates. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right...

AI score: 5.7
Exploits: 0
securityvulns
added 2013/04/09 12:0 a.m., 67 views

Aastra IP Telephone hardcoded telnet admin password

Aastra IP Telephone hardcoded telnet admin password --------------------------------------------------- Affected products ================= Aastra 6753i IP Telephone Firmware Version 3.2.2.56 Firmware Release Code SIP Boot Version 2.5.2.1010 Background ========== "The 6753i from Aastra offers...

Exploits: 0
securityvulns
added 2013/04/08 12:0 a.m., 30 views

Google AD Sync Tool - Exposure of Sensitive Information Vulnerability - Security Advisory - SOS-13-001

Sense of Security - Security Advisory - SOS-13-001 Release Date. 03-Apr-2013 Last Update. - Vendor Notification Date. 03-Sep-2012 Product. Google Active Directory Sync GADS Tool Platform. Windows, Linux, Solaris Affected versions. All versions up to 3.1.3 Severity Rating. High Impact. Exposure of...

AI score: 6.5
Exploits: 0
0day.today
added 2013/04/08 12:0 a.m., 16 views

Vanilla Forums 2-0-18-4 - SQL-Injection Vulnerability

SQL-Injection is possible, because $_POST arrays are not properly sanitized. You do not need to be authenticated. To insert an arbitrary user, a sample HTTP-Post Request looks as follows: POST /PATH/vanilla/entry/signin HTTP/1.1 Host: HOST User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64; rv:19.0...

AI score: 7
Exploits: 0
seebug.org
added 2013/03/27 12:0 a.m., 42 views

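Python 'py-bcrypt' Module Authentication Bypass Vulnerability (CVE-2013-1895)

BUGTRAQ ID: 58702 CVE(CAN) ID: CVE-2013-1895 Py-bcrypt is an implementation of the OpenBSD Blowfish password hashing algorithm. Python py-bcrypt versions before 0.3 do not correctly perform concurrent memory range operations, resulting in an authentication bypass vulnerability in the implementation that can be exploited to bypass security restrictions and gain unauthorized access to the system. 0 Python py-bcrypt Module 0.x Vendor patch: Python ------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: www.python.org...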

AI score: 1.2, EPSS: 0.02835
Exploits: 1
NVD
added 2013/03/21 2:55 p.m., 16 views

CVE-2011-4515

Siemens WinCC TIA Portal 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access...

CVSS: 4.6, AI score: 5.6, EPSS: 0.00381
Exploits: 0, References: 2
Prion
added 2013/03/21 2:55 p.m., 9 views

Design/Logic Flaw

Siemens WinCC TIA Portal 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access...

CVSS: 4.6, AI score: 6.1, EPSS: 0.00381
Exploits: 0, References: 2, Affected Software: 1