
2872 matches found

Tenable Nessus
added 2014/09/13 12:0 a.m., 15 views

SuSE 11.3 Security Update : kdelibs4 (SAT Patch Number 9676)

This update of the kdelibs4 KSSL interface makes it select a set of default ciphers that is recommended for current usage. This update is needed for Konqueror to restrict its cipher set when using https. (C) Tenable Network Security, Inc. The descriptive text and package checks ...

5.4 AI score
Exploits: 0, References: 1

ThreatPost
added 2014/09/11 11:3 a.m., 14 views

Key Flaw Enables Recovery of Files Encrypted by TorrentLocker

Crypto ransomware, a relatively unknown phenomenon a couple of years ago, has exploded into one of the nastier malware problems for Internet users. Variants such as CryptoLocker and CryptoWall have been siphoning money from victims for some time, and now researchers have dissected a newer variant...

0.4 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2014/08/15 12:0 a.m., 71 views

Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20140813)

It was discovered that the OBJ_obj2txt function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. (CVE-2014-3508) Multiple flaws were discovered in the way OpenS...

5 CVSS, 7.2 AI score, 0.87892 EPSS
Exploits: 0, References: 6

F5 Networks
added 2014/08/13 12:0 a.m., 41 views

SOL15461 - OpenSSL vulnerability CVE-2011-4619

Recommended Action: If the previous table lists a version in the "Versions known to be not vulnerable" column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Note: SGC...

5 CVSS, 1.3 AI score, 0.16645 EPSS
Exploits: 0, References: 8

Tenable Nessus
added 2014/07/31 12:0 a.m., 65 views

VMware Horizon View Multiple Vulnerabilities (VMSA-2014-0006)

The version of VMware Horizon View installed on the remote Windows host is version 5.3.x prior to 5.3.2 or 5.3.x prior to 5.3 Feature Pack 3. It is, therefore, affected by multiple vulnerabilities in the bundled OpenSSL library: - An error exists in the function 'ssl3_read_bytes' that could allow...

7.4 CVSS, 8.1 AI score, 0.99977 EPSS
Exploits: 13, References: 9

Tenable Nessus
added 2014/07/24 12:0 a.m., 279 views

HP Smart Update Manager 6.x < 6.4.1 Multiple Vulnerabilities

The version of HP Smart Update Manager running on the remote host is prior to 6.4.1. It is, therefore, affected by the following vulnerabilities: - An error exists in the function 'ssl3_read_bytes' that can allow data to be injected into other sessions or allow denial of service attacks. Note that...

7.4 CVSS, 7.8 AI score, 0.99977 EPSS
Exploits: 13, References: 10

F5 Networks
added 2014/07/17 12:0 a.m., 53 views

SOL15388 - OpenSSL vulnerability CVE-2011-4108

Recommended Action: If the previous table lists a version in the "Versions known to be not vulnerable" column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. BIG-IP 11.x To...

4.3 CVSS, 1.1 AI score, 0.15757 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2014/07/17 12:0 a.m., 35 views

McAfee Email Gateway OpenSSL Multiple Vulnerabilities (SB10075)

The remote host is running a version of McAfee Email Gateway (MEG) that is affected by multiple vulnerabilities related to the included OpenSSL library: - An error exists in the function 'ssl3_read_bytes' that can allow data to be injected into other sessions or allow denial of service attacks...

7.4 CVSS, 8.1 AI score, 0.99977 EPSS
Exploits: 14, References: 9

RedHat Linux
added 2014/07/16 5:12 p.m., 3 views

bouncycastle: TLS CBC padding timing attack

It was discovered that bouncycastle leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle...

4 CVSS, 7.3 AI score, 0.02972 EPSS
Exploits: 0, References: 6

GithubExploit
added 2014/07/16 1:9 p.m., 13 views

Exploit for Inadequate Encryption Strength in Openssl

OPENSSL CVE-2014-0224 MITM exploit demo. Author : @bluerust Blo...

7.4 CVSS, 7.3 AI score, 0.95326 EPSS
Exploits: 9

NVD
added 2014/07/14 9:55 p.m., 23 views

CVE-2014-2955

Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 aka cipher zero and an arbitrary password...

10 CVSS, 8 AI score, 0.02774 EPSS
Exploits: 0, References: 2

CERT
added 2014/07/10 12:0 a.m., 35 views

Raritan PX power distribution software is vulnerable to the cipher zero attack.

Overview: Raritan PX power distribution software version 01.05.08 and previous running on a model DPXR20A-16 device allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 aka cipher zero and an arbitrary password. Description: CWE-287: Improper...

10 CVSS, 7.7 AI score, 0.02774 EPSS
Exploits: 0, References: 3

seebug.org
added 2014/07/01 12:0 a.m., 41 views

NetZero ZeroPort 3.0 Weak Encryption Method Vulnerability

No description provided by source. Source: http://www.securityfocus.com/bid/1483/info NetZero is a free internet service provider which requires its users to run the application ZeroPort in order to log onto the network. The username and password are stored locally in a text file called id.dat and...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 19 views

MySQL 3.x/4.0.x Weak Password Encryption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7500/info MySQL has been reported to implement a weak password encryption algorithm. It has been reported that the MySQL function used to encrypt MySQL passwords makes just one pass over the password and employs a weak le...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 38 views

Splunk <= 4.3.3 Arbitrary File Read

No description provided by source. Exploit Title: Splunk <= 4.3.3 Reading Arbitrary Files Contents. Date: 09/03/2012. Exploit Author: Marcio Almeida. Vendor Homepage: http://www.splunk.com/ Software Link: http://www.splunk.com/download?r=header Version: 4.3.3 and priors...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 53 views

IPSwitch IMail Server <= 8.1 - Local Password Decryption Utility

No description provided by source. IpSwitch IMail Server <= ver 8.1 User Password Decryption by Adik netmaniac hotmail KG. IpSwitch IMail Server uses a weak encryption algorithm to encrypt its user passwords. It uses the polyalphabetic Vigenere cipher to encrypt its user passwords. This encryption sche...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 16 views

OracleAS TopLink Mapping Workbench Weak Encryption Algorithm Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9515/info OracleAS TopLink Mapping Workbench is a tool included with OracleAS TopLink, a Java-based database integration development framework that is included as a component of various Oracle Application Server releases...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 29 views

FileZilla 2.2.15 FTP Client Hard-Coded Cipher Key Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14730/info FileZilla FTP client may allow local attackers to obtain user passwords and access remote servers. The application uses a hard-coded cipher key to decrypt the password, which is stored in an XML file or the...

7.1 AI score
Exploits: 0

Tenable Nessus
added 2014/06/30 12:0 a.m., 39 views

Junos Pulse Secure Access IVE / UAC OS Weak Cipher Information Disclosure (JSA10628)

According to its self-reported version, the version of IVE / UAC OS running on the remote host is affected by an information disclosure vulnerability due to an issue where cipher suites with weak encryption algorithms are used even when cipher suites with strong encryption algorithms are enabled....

5 CVSS, 5.5 AI score, 0.00745 EPSS
Exploits: 0, References: 2

ThreatPost
added 2014/06/23 10:57 a.m., 11 views

Cisco Releases Open Source FNR Cipher

Cisco has released a new open-source block cipher called FNR that is designed for encrypting small chunks of data, such as MAC addresses or IP addresses. The cipher is still in the experimental stage, but Cisco has released the source code and a demo application. The company suggests that the new...

0.4 AI score
Exploits: 0, References: 6