freeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)

$Id: freesshdkeyexchange.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Kingdee K3 emergence of serious security vulnerabilities, a hacker can easily read the database all the information-vulnerability warning-the black bar safety net

From the pixel buns Estimated other ERP Software also a lot of similar things, interested students can talk to about it. Reproduced start. This flaw in the K3 of each version are present and the same, including the new version of the K3 V12. 3 version. Major data security vulnerability is describ...

IPB <= 2.3.5 Improved SQL Injection Exploit

Exploit for php platform in category web applications =========================================== IPB Attention!\n"; echo "br...

IPB <= 3.0.1 SQL Injection Exploit

Exploit for php platform in category web applications ================================== IPB Attention!\n"; echo "\n"; echo "Error!\n"; echo "This exploit is meant to be used as php CLI script!\n"; echo "Mo...

Allow user accounts to require two-factor authentication using RFC 4226

New feature request. In light of the recent security hack at Apache, it might be prudent for JIRA to provide some more secure options for user authentication. One candidate is two-factor authentication using the RFC 4226 OATH/HOTP|http://en.wikipedia.org/wiki/HOTP standard. This requires the user...

RedHat Update for gnutls RHSA-2010:0166-01

Check for the Version of gnutls OpenVAS Vulnerability Test RedHat Update for gnutls RHSA-2010:0166-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CentOS Update for openssl CESA-2010:0163 centos3 i386

Check for the Version of openssl OpenVAS Vulnerability Test CentOS Update for openssl CESA-2010:0163 centos3 i386 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

Hash brute force attack-vulnerability warning-the black bar safety net

Name: the end Tutorial: Hash brute force attack Nature: the translation of the article Time: 2 0 1 0 3 2 7 on Saturday ------------------------------------The above information↑------------------------------------ --------------------------------------The content of the...

gnutls security update

CentOS Errata and Security Advisory CESA-2010:0166 Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base...

Moderate: Red Hat Security Advisory: gnutls security update

Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

[SECURITY] Fedora 13 Update: libpng-1.2.43-1.fc13

The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng...

CVE-2010-0928

OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation FWE algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to...

CVE-2010-0928

OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation FWE algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to...

[SECURITY] Fedora 12 Update: argyllcms-1.0.4-5.fc12

The Argyll color management system supports accurate ICC profile creation f or scanners, CMYK printers, film recorders and calibration and profiling of displays. Spectral sample data is supported, allowing a selection of illuminants obse rver types, and paper fluorescent whitener additive...

Here's How to Fix Online Banking Fraud

Guest editorial by Roel Schouwenberg Over the last few months, there’s been quite a lot of news chatter around Banker Trojans emptying out online bank accounts of small businesses in the U.S. Today, I was reading one of such stories on Brian Krebs’ site. After reading that story I came across...

Debian DSA-1974-1 : gzip - several vulnerabilities

Several vulnerabilities have been found in gzip, the GNU compression utilities. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2624 Thiemo Nagel discovered a missing input sanitation flaw in the way gzip used to decompress data blocks for dynamic...

openoffice.org: GIF file parsing heap overflow

Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org OOo before 3.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted GIF file, related to LZW...

Algorithm Stops Local Scanning Worms

Researchers at Penn State University have developed an algorithm that defends against the spread of local scanning worms that search for hosts in “local” spaces within networks or sub-networks. This strategy allows them access to hosts that are clustered, which means once they infect one host, th...

CORELAN-10-009 : Ipswitch IMAIL 11.01 multiple vulnerabilities &#40;reversible encryption + weak ACL&#41;

|------------------------------------------------------------------| | | | / / / / | | / / / / / / / / / / / | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 | | | |------------------------------------------------- EIP Hunters...

Ipswitch IMail Server本地权限提升漏洞

BUGTRAQ ID: 38109 Ipswitch IMail Server是Ipswitch协作组件中捆绑的一个邮件服务器。 默认下IMail允许Internet Guest账号以Full Control权限访问以下注册表项及其子项和值：HKEYLOCALMACHINE\SOFTWARE\Ipswitch\IMail。此外 IMail的IMailsec.dll库中所实现的口令解密算法是可逆的，本地用户可以在HKEYLOCALMACHINE\SOFTWARE \Ipswitch\IMail\Domains\domain name\Users下找到Password字符串，然后破解加密的口...