Hackers Leverage Cloud Computing to Crack Passwords Efficiently

On-demand cloud computing is a valuable tool for companies needing temporary computing capacity without long-term investment in fixed capital. However, this same convenience makes cloud computing useful to hackers. Many hacking activities involve cracking passwords, keys, or other forms of brute...

MD5: MD5 Message-Digest Algorithm is not collision resistant

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate...

Fedora 13 : glibc-2.12.1-3 (2010-16594)

Fix strstr and memmem algorithm BZ12092, 641124 - Fix handling of tail bytes of buffer in SSE2/SSSE3 x86-64 version strncmp BZ12077 - Never expand $ORIGIN in privileged programs 643306, CVE-2010-3847 Note that Tenable Network Security has extracted the preceding description block directly from...

Fedora 14 : glibc-2.12.90-17 (2010-16308)

Implement accurate fma BZ3268, 43358 - Fix alignment of AVX save area on x86-64 BZ12113 - Fix regex memory leaks BZ12078 - Improve output of psiginfo BZ12107, BZ12108 - Don't return NULL address in getifaddrs BZ12093 - Fix strstr and memmem algorithm BZ12092, 641124 - Don't discard result of...

ASP Nuke - SQL Injection

ASP Nuke - SQL Injection ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | 0 " & "...

ASP Nuke - SQL Injection

''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ http://www.exploit-db.com/moaub11-asp-nuke-sql-injection-vulnerability/ ''' Abysssec Inc Public Advisory Title : ASP Nuke Sql Injection Vulnerability Affected Version :...

Month Of Abysssec Undisclosed Bugs - ASP Nuke 0.80

''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | 0 " & "AND art.Archive = 0" Considering to the code, you can bro...

Apache Derby Information Disclosure Vulnerability

Apache Derby is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:derby";...

[SECURITY] Fedora 14 Update: bogofilter-1.2.2-1.fc14

Bogofilter is a Bayesian spam filter. In its normal mode of operation, it takes an email message or other text on standard input, does a statistical check against lists of "good" and "bad" words, and returns a status code indicating whether or not the message is spam. Bogofilter is designed with...

Design/Logic Flaw

The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to...

Design/Logic Flaw

Cisco Unified Wireless Network UWN Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions, aka Bug ID CSCtd67660...

US CERT Warns on VxWorks Flaws

The U.S. Computer Emergency Readiness Team has issued two warnings on flaws in the embedded systems’ OS technology VxWorks as discovered by researcher HD Moore. One flaw deals with weakness in the hashing algorithm of the API authentication; The second regards debug settings being enabled by...

VxWorks weak wuthentication

Weak password hashing algorythm with large collision probability...

Wind River Systems VxWorks weak default hashing algorithm in standard authentication API (loginLib)

Overview The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. Description An attacker with a known username and access to a...

Google Chrome multiple vulnerabilities - July 10

The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnjul10.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - July 10 Authors: Madhuri D Copyright: Copyright c 2010 Greenbone Networks GmbH,...

Skype's Encryption Algorithm Exposed

A group of code breakers believe they have successfully reverse engineered Skype’s implementation of the RC4 cipher, one of several encryption technologies used by the consumer-oriented VoIP service. Read the full article. The Register...

Google Chrome 5.0.375.99更新修复多个安全漏洞

BUGTRAQ ID: 41334 CVE ID: CVE-2010-2645,CVE-2010-2646,CVE-2010-2647,CVE-2010-2648,CVE-2010-2649,CVE-2010-2650,CVE-2010-2651,CVE-2010-2652 Google Chrome是Google发布的开源WEB浏览器。 Chrome的5.0.375.99版本更新修复了多个安全漏洞，用户受骗访问恶意网页就可能导致拒绝服务或完全入侵用户系统。 1 在使用WebGL时Chrome中可能出现越界读访问错误。 2 Chrome没有正确地隔离沙盒中的IFRAME元素。 3...

CVE-2010-2648

The implementation of the Unicode Bidirectional Algorithm aka Bidi algorithm or UBA in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...

Memory corruption

The implementation of the Unicode Bidirectional Algorithm aka Bidi algorithm or UBA in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...

CVE-2010-2648

The implementation of the Unicode Bidirectional Algorithm aka Bidi algorithm or UBA in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...