Apple Releases iOS 5, Removes DigiNotar Certs From iPhones, iPads

Apple has released iOS 5, which includes a significant number of security updates, most notably the removal of the DigiNotar root certificates from the iOS trusted root list. The new operating system for iPhones, iPads and iPods also includes support for newer versions of the TLS protocol and...

QQ2011会话密钥泄露漏洞

腾讯QQ是在中国非常广泛使用的即时聊天工具。 Windows平台上QQ的客户端（包括QQ2010/2011等版本）在实现上存在安全漏洞，在生成会话密钥相关的临时密钥时使用了不安全的随机密钥生成算法，导致攻击者可以通过监听用户登录得到会话密钥，进而可以添加、修改、查看所有的聊天记录。 Tencent QQ 2011 Tencent QQ 2010 厂商补丁： Tencent ------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://im.qq.com/qq/dlqq.shtml...

Deprecated

This plugin has been deprecated and is no longer functional. It was originally written to check Microsoft's workaround for CVE-2011-3389, but was replaced by plugin 57474 which checks for the patch that fixes this CVE. %NASLMINLEVEL 999999 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on...

Multiples Vulnerabilities in ManageEngine ServiceDesk Plus

Core Security - Corelabs Advisory 1. Advisory Information Title: Multiples Vulnerabilities in ManageEngine ServiceDesk Plus Advisory ID: CORE-2011-0506 Advisory URL: http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp Date published: 2011-09-14 Date of last update:...

SuSE 11.1 Security Update : yast2-core (SAT Patch Number 5078)

This update of yast2-core fixes security issues and a bug : - When setting a password for a user, use blowfish algorithm id 2y instead of 2a. bnc700876 / CVE-2011-2483 - Log YCP client arguments only with y2debug, not to reveal AutoYaST passwords. bnc492746 - ini-agent: Fixed a test failure 'wron...

CVE-2011-3188

The 1 IPv4 and 2 IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service disrupted networking or hijack network sessions by predicting...

SuSE9 Security Update : glibc suite (YOU Patch Number 12813)

The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters e.g. umlauts. Affected passwords are potentially faster to crack via brute-force methods. CVE-2011-2483 SUSE's crypt implementation supports the blowfish password hashing...

SuSE 10 Security Update : glibc (ZYPP Patch Number 7659)

The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters e.g. umlauts. Affected passwords are potentially faster to crack via brute-force methods. CVE-2011-2483 SUSE's crypt implementation supports the blowfish password hashing...

Sagem Router Fast 330434643504 - Telnet Authentication Bypass

Sagem Router Fast 330434643504 - Telnet Authentication Bypass !/home/bin/python Remote Exploit: SAGEM ROUTER FAST 3304/3464/3504 - Telnet Authentication bypass Date: 15-August-2011 Author: Elouafiq Ali Version: 3304-V1 / 3304-V2 / 3464 / 3504 Tested on: Linux Ubuntu 11.04, Linux Backtrack 5 Teste...

Sagem Router Fast 3304/3464/3504 - Telnet Authentication Bypass

!/home/bin/python Remote Exploit: SAGEM ROUTER FAST 3304/3464/3504 - Telnet Authentication bypass Date: 15-August-2011 Author: Elouafiq Ali Version: 3304-V1 / 3304-V2 / 3464 / 3504 Tested on: Linux Ubuntu 11.04, Linux Backtrack 5 Tested Router: SAGEM FAST 3304-V2 Tested on Resellers/ISPs: Wanadoo...

CentOS Update for libtiff CESA-2009:1159 centos3 i386

Check for the Version of libtiff OpenVAS Vulnerability Test CentOS Update for libtiff CESA-2009:1159 centos3 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CentOS Update for openssl CESA-2010:0054 centos5 i386

Check for the Version of openssl OpenVAS Vulnerability Test CentOS Update for openssl CESA-2010:0054 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CentOS Update for gnutls CESA-2010:0166 centos5 i386

Check for the Version of gnutls OpenVAS Vulnerability Test CentOS Update for gnutls CESA-2010:0166 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

SOL12998 - OpenSSL vulnerability CVE-2011-1945

The elliptic curve cryptography ECC subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm ECDSA is used for the ECDHEECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine...

IBM WebSphere Application Server 6.1 < 6.1.0.39 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 before Fix Pack 39 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - Use of an insecure XML encryption algorithm could allow for decryption of JAX-RPC or JAX-WS Web Services requests. PM34841 - A...

Fedora 14 : apr-1.4.5-1.fc14 (2011-6918)

Move to 1.4.x branch. Various bug fixes since 1.4.2. Security: CVE-2011-0419 Reimplement aprfnmatch from scratch using a non-recursive algorithm; now has improved compliance with the fnmatch spec. Note: 1.4.3 was never officially released. Fix CVE-2011-1928 introduced in 1.4.4. Note that Tenable...

Fedora 13 : apr-1.4.5-1.fc13 (2011-7340)

Move to 1.4.x branch. Various bug fixes since 1.4.2. Security: CVE-2011-0419 Reimplement aprfnmatch from scratch using a non-recursive algorithm; now has improved compliance with the fnmatch spec. Note: 1.4.3 was never officially released. Fix CVE-2011-1928 introduced in 1.4.4. Note that Tenable...

OpenDrive <= 1.3.141 Local Password Disclosure

Exploit for windows platform in category local exploits / Title: OpenDrive include include int ReadRegistryKey LPBYTE lpBuffer, LPDWORD lpBufferSize, HKEY hKey, LPCTSTR lpszSubKey, LPCTSTR lpszValueName HKEY hKeyLocal; int nType; if RegOpenKeyExhKey, lpszSubKey, 0, KEYREAD, &hKeyLocal ==...

OpenDrive 1.3.141 - Local Password Disclosure

OpenDrive 1.3.141 - Local Password Disclosure / Title: OpenDrive include include int ReadRegistryKey LPBYTE lpBuffer, LPDWORD lpBufferSize, HKEY hKey, LPCTSTR lpszSubKey, LPCTSTR lpszValueName HKEY hKeyLocal; int nType; if RegOpenKeyExhKey, lpszSubKey, 0, KEYREAD, &hKeyLocal == ERRORSUCCESS if...

OpenDrive 1.3.141 - Local Password Disclosure

/ Title: OpenDrive include include int ReadRegistryKey LPBYTE lpBuffer, LPDWORD lpBufferSize, HKEY hKey, LPCTSTR lpszSubKey, LPCTSTR lpszValueName HKEY hKeyLocal; int nType; if RegOpenKeyExhKey, lpszSubKey, 0, KEYREAD, &hKeyLocal == ERRORSUCCESS if RegQueryValueEx hKeyLocal, lpszValueName, 0,...