
5302 matches found

OpenVAS
added 2012/03/16 12:0 a.m., 43 views

Ubuntu: Security Advisory (USN-1322-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.5 | AI score 7.2 | EPSS 0.00452
Exploits: 1 | References: 2
OpenVAS
added 2012/03/16 12:0 a.m., 31 views

Ubuntu: Security Advisory (USN-1287-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.5 | AI score 6.2 | EPSS 0.00452
Exploits: 1 | References: 2
Fedora
added 2012/03/13 6:35 p.m., 17 views

[SECURITY] Fedora 17 Update: pyfribidi-0.11.0-1.fc17

PyFriBidi is a simple Python binding for FriBidi, providing an implementation of The Unicode Bidirectional Algorithm in Python...

AI score 2.5
Exploits: 0
ThreatPost
added 2012/03/08 7:12 p.m., 9 views

Outer Ear Authentication

The insides of our ears are a mysterious place for most of us. It turns out, however, that there’s more going on in there than we expected. In a study presented at the IEEE Fourth International Conference on Biometrics in September of 2010, researchers used a shape-finding algorithm to determine ...

AI score 0.9
Exploits: 0 | References: 3
ThreatPost
added 2012/02/28 7:35 p.m., 7 views

Cryptosystems Showing Signs of 'Wear and Tear'

SAN FRANCISCO – It’s been an interesting year in the cryptography world, with new attacks on several algorithms, continued problems with hash functions and the recent research on weak RSA keys. With all of that as a backdrop, some of the brightest minds in the field, gathered here for the RSA...

AI score 7.4
Exploits: 0 | References: 1
RedHat Linux
added 2012/02/21 12:0 a.m., 1 views

gnutls: unknown hash algorithm NULL pointer dereference [GNUTLS-SA-2006-2]

The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference...

CVSS 5 | AI score 5.9 | EPSS 0.01545
Exploits: 0 | References: 4
OpenVAS
added 2012/02/21 12:0 a.m., 16 views

RedHat Update for cups RHSA-2012:0302-03

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) script_xref(name:"URL",...

CVSS 5.1 | AI score 7.8 | EPSS 0.12709
Exploits: 0 | References: 2
ThreatPost
added 2012/02/16 5:30 p.m., 13 views

What You Need to Know About the RSA Key Research

It’s always slightly disorienting and confusing when a story about something as esoteric as weak encryption keys produced by poor random number generators makes its way into the real world and begins scaring the citizens. This can lead to confusion and worry about whether everyone’s online bankin...

AI score 7.1
Exploits: 0 | References: 4
Tenable Nessus
added 2012/02/10 12:0 a.m., 32 views

Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)

It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timi...

CVSS 9.3 | AI score 7.7 | EPSS 0.17687
Exploits: 1 | References: 11
The Hacker News
added 2012/02/08 7:29 p.m., 6 views

Cryptographers: Satellite phones vulnerable to eavesdropping

Researchers at a German university claim to have cracked the algorithm that secures satellite phone transmissions. They have broken the encryption of the two main standards used to protect calls from satellite phones, giving them the...

AI score 6.6
Exploits: 0
seebug.org
added 2012/02/07 12:0 a.m., 23 views

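Phpcms V9 uc api SQL injection vulnerability

1. When the ucenter service is not enabled, uckey is empty: define'UCKEY', pcbase::loadconfig'system', 'uckey'; 2. The deleteuser interface has an SQL injection vulnerability. Parameters encrypted with the UC algorithm are unaffected by GPC, and the programmer did not realize that $get'ids' could be subject to SQL injection. public function deleteuser$get,$post pcbase::loadappfunc'global', 'admin'; pcbase::loadappclass'messagequeue', 'admin' , 0; $ids =...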

AI score 7
Exploits: 0
Tenable Nessus
added 2012/02/06 12:0 a.m., 48 views

SuSE 11.1 Security Update : glibc (SAT Patch Number 4944) (deprecated)

The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483) SUSE's crypt implementation supports the blowfish password hashing...

CVSS 5 | AI score 7.1 | EPSS 0.04972
Exploits: 0 | References: 5
CVE
added 2012/01/27 12:0 a.m., 85 views

CVE-2011-4354

OpenSSL vulnerability CVE-2011-4354 affects OpenSSL before 0.9.8h on 32-bit platforms, in the ECDH/ECDHE handshake with P-256 and P-384 curves, due to an incorrect modular reduction algorithm in bn_nist.c. This design flaw allows remote attackers to obtain the TLS server private key after multipl...

CVSS 5.8 | AI score 6.3 | EPSS 0.04011
Exploits: 0 | References: 8 | Affected Software: 1
Debian CVE
added 2012/01/27 12:0 a.m., 28 views

CVE-2011-4354

crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows...

CVSS 5.8 | AI score 6.2 | EPSS 0.04011
Exploits: 0
Tenable Nessus
added 2012/01/18 12:0 a.m., 26 views

MySQL Weak Hash Algorithm

The version of MySQL installed on the remote host is older than 4.1.1. As such, it reportedly uses a weak algorithm to hash the passwords. An attacker who can read the mysql.user table will be able to retrieve the plaintext passwords quickly by brute-force attack. (C) Tenable Network Security, Inc...

CVSS 4.3 | AI score 5.5 | EPSS 0.02666
Exploits: 1 | References: 2
Tenable Nessus
added 2012/01/16 12:0 a.m., 35 views

FreeBSD : Multiple implementations -- DoS via hash algorithm collision (91be81e7-3fea-11e1-afc7-2c4138874f7d)

oCERT reports: A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue finds particul...

CVSS 7.8 | AI score 7.1 | EPSS 0.0436
Exploits: 3 | References: 7
OpenVAS
added 2012/01/16 12:0 a.m., 32 views

Fedora Update for openssl FEDORA-2012-0250

Check for the Version of openssl OpenVAS Vulnerability Test Fedora Update for openssl FEDORA-2012-0250 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 5 | AI score 7.4 | EPSS 0.16645
Exploits: 0 | References: 2
Tenable Nessus
added 2012/01/10 12:0 a.m., 49 views

Ubuntu 11.10 : linux vulnerability (USN-1322-1)

Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable h...

CVSS 7.2 | AI score 6.7 | EPSS 0.00556
Exploits: 8 | References: 7
The Hacker News
added 2012/01/02 10:14 p.m., 7 views

Fully automated MySQL5 boolean based enumeration tool

Blackhatacademy Developers releases Fully automated MySQL5 boolean based enumeration tool. By default, this script will first determine username, version and database name before enumerating the information_schema information. When the -q flag ...

AI score 6.8
Exploits: 0
FreeBSD
added 2011/12/28 12:0 a.m., 43 views

Multiple implementations -- DoS via hash algorithm collision

oCERT reports: A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue finds particula...

CVSS 7.8 | AI score 8.6 | EPSS 0.0436
Exploits: 3 | References: 2