251 matches found

RedHat Linux
added 2013/05/20 2:27 p.m. | 4 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

CVSS 2.6 | AI score 6.8 | EPSS 0.00943
Exploits: 0 | References: 7

RedHat Linux
added 2013/05/14 5:49 p.m. | 4 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

CVSS 2.6 | AI score 6.8 | EPSS 0.00943
Exploits: 0 | References: 7

Prion
added 2012/07/31 10:45 a.m. | 15 views

Design/Logic Flaw

The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain...

CVSS 4.4 | AI score 7 | EPSS 0.00031
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2012/07/31 10:00 a.m. | 20 views

CVE-2012-3018

The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain...

AI score 6.5 | EPSS 0.00031
Exploits: 0 | References: 1

CVE
added 2012/07/31 10:00 a.m. | 40 views

CVE-2012-3018

CVE-2012-3018 affects ICONICS GENESIS32 (<= 9.22) and BizViz (

CVSS 4.4 | AI score 6.8 | EPSS 0.00031
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2011/07/26 12:00 a.m. | 35 views

FreeBSD : phpmyadmin -- multiple vulnerabilities (d79fc873-b5f9-11e0-89b4-001ec9578670)

The phpMyAdmin development team reports : XSS in table Print view. Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion. In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. The end result is a loc...

CVSS 6.8 | AI score 5.6 | EPSS 0.00667
Exploits: 0 | References: 7

FreeBSD
added 2011/07/23 12:00 a.m. | 37 views

phpmyadmin -- multiple vulnerabilities

The phpMyAdmin development team reports: XSS in table Print view. Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion. In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. The end result is a loca...

CVSS 6.8 | AI score 6.5 | EPSS 0.00667
Exploits: 0 | References: 4

Tenable Nessus
added 2011/07/05 12:00 a.m. | 45 views

FreeBSD : phpmyadmin -- multiple vulnerabilities (7e4e5c53-a56c-11e0-b180-00216aa06fc2)

The phpMyAdmin development team reports : It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks. An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can...

CVSS 7.5 | AI score 6.2 | EPSS 0.37008
Exploits: 18 | References: 9

Tenable Nessus
added 2011/03/02 12:00 a.m. | 31 views

Debian DSA-2176-1 : cups - several vulnerabilities

Several vulnerabilities have been discovered in the Common UNIX Printing System : - CVE-2008-5183 A NULL pointer dereference in RSS job completion notifications could lead to denial of service. - CVE-2009-3553 It was discovered that incorrect file descriptor handling could lead to denial of...

CVSS 9.8 | AI score 7.8 | EPSS 0.21353
Exploits: 4 | References: 17

Prion
added 2010/10/20 6:00 p.m. | 33 views

Sql injection

Oracle Mojarra uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057...

CVSS 5 | AI score 7.1 | EPSS 0.01039
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2010/10/20 5:00 p.m. | 22 views

CVE-2010-4007

Oracle Mojarra uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057...

CVSS 5 | AI score 6.4 | EPSS 0.00328
Exploits: 0

OpenVAS
added 2010/10/10 12:00 a.m. | 15 views

Debian: Security Advisory (DSA-2096-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.7 | EPSS 0.00539
Exploits: 0 | References: 3

Tenable Nessus
added 2010/09/15 12:00 a.m. | 26 views

Debian DSA-2108-1 : cvsnt - programming error

It has been discovered that in cvsnt, a multi-platform version of the original source code versioning system CVS, an error in the authentication code allows a malicious, unprivileged user, through the use of a specially crafted branch name, to gain write access to any module or directory, includi...

CVSS 9.3 | AI score 5.7 | EPSS 0.00953
Exploits: 0 | References: 3

myhack58
added 2010/07/17 12:00 a.m. | 12 views

Thousand Bo enterprise website management system v2010 Build 0 7 1 6 vulnerability analysis-vulnerability warning-the black bar safety net

Release time: 2010-07-16 Affected version: Thousand Bo enterprise website management system v2010 Build 0 7 1 6 Vulnerability Description: The search type injection vulnerability Default background address: http://127.1/system/AdminLogin.Asp Publishing author: m4r10 reproduced please indicate the...

AI score 8.4
Exploits: 0

myhack58
added 2009/12/08 12:00 a.m. | 13 views

Commercial up hearing intelligent shop management system advanced Enterprise Edition Free Edition 9. 0 injection vulnerability-vulnerability warning-the black bar safety net

This article from the San ㄗ Feng 訫 locks of love'S Blog Commercial up hearing intelligent shop management system advanced Enterprise Edition Free Edition 9. 0 injection vulnerability This system is very large, the file a lot, I have no one to look after, most of the parameters are SafeRequest...

AI score 0.2
Exploits: 0

myhack58
added 2009/11/18 12:00 a.m. | 8 views

Network Information release system(WRMPS)through the kill 0day-vulnerability warning-the black bar safety net

Pass to kill,kill official Search:Powered By WRMPS 1. Registration-column directory Plus/UpLoad/uploadfile. asp? Type=1&User=1&dir=...././/..../.// data Plus/UpLoad/uploadfile. asp? Type=1&User=1&dir=...././/..../.// admin This use is not greater than ,the password only the MD5 in the top ten,2B...

AI score 0.3
Exploits: 0

OpenVAS
added 2009/06/09 12:00 a.m. | 22 views

RedHat Security Advisory RHSA-2008:0002

The remote host is missing updates announced in advisory RHSA-2008:0002. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

CVSS 10 | AI score 6.4 | EPSS 0.2951
Exploits: 1 | References: 2

myhack58
added 2009/05/24 12:00 a.m. | 29 views

The new universal login password-vulnerability warning-the black bar safety net

Black hand 5 monthly on oldjun article, Others sample issues are all here,on TMB I received less than a-.-. Articles taken are as follows: There are many online such login authentication code % username=trimRequest. Form"username" password=trimRequest. Form"password" sql="Select FROM admin Where...

AI score 0.8
Exploits: 0

OpenVAS
added 2009/03/06 12:00 a.m. | 32 views

RedHat Update for tog-pegasus RHSA-2008:0002-01

Check for the Version of tog-pegasus OpenVAS Vulnerability Test RedHat Update for tog-pegasus RHSA-2008:0002-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

CVSS 10 | EPSS 0.2951
Exploits: 1 | References: 2

OpenVAS
added 2009/02/27 12:00 a.m. | 12 views

CentOS Update for tog-pegasus CESA-2008:0002 centos4 x86_64

Check for the Version of tog-pegasus OpenVAS Vulnerability Test CentOS Update for tog-pegasus CESA-2008:0002 centos4 x86_64 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

CVSS 10 | AI score 6.3 | EPSS 0.2951
Exploits: 1 | References: 2