Lucene search

2871 matches found

Debian CVE
added 2012/11/30 10:0 p.m. | 24 views

CVE-2012-4571

Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack...

CVSS 2.1 | AI score 5.9 | EPSS 0.0037
Exploits: 0

Cvelist
added 2012/11/23 8:0 p.m. | 47 views

CVE-2011-1096

The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...

AI score 5.5 | EPSS 0.02587
Exploits: 0 | References: 31

securityvulns
added 2012/10/29 12:0 a.m. | 60 views

[SECURITY] [DSA 2541-1] beaker security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2541-1 [email protected] http://www.debian.org/security/ Raphael Geissert September 07, 2012 http://www.debian.org/security/faq -...

CVSS 4.3 | AI score 0.8 | EPSS 0.02447
Exploits: 0

NVD
added 2012/10/04 7:55 p.m. | 15 views

CVE-2012-5301

The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data...

CVSS 5 | AI score 6.1 | EPSS 0.01173
Exploits: 0 | References: 2

Prion
added 2012/10/04 7:55 p.m. | 14 views

Default configuration

The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data...

CVSS 5 | AI score 6.6 | EPSS 0.01173
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2012/10/04 7:0 p.m. | 21 views

CVE-2012-5301

The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data...

AI score 6.1 | EPSS 0.01173
Exploits: 0 | References: 2

CVE
added 2012/10/04 7:0 p.m. | 43 views

CVE-2012-5301

Cerberus FTP Server prior to version 5.0.4.0 is affected by a DES cipher weakness in SSH sessions, allowing potential eavesdropping and easier brute-force attacks on encrypted traffic. The vulnerability stems from default configurations that enable DES, increasing the risk of sensitive data discl...

CVSS 5 | AI score 6.3 | EPSS 0.01173
Exploits: 0 | References: 2 | Affected Software: 1

RedHat Linux
added 2012/10/03 3:8 p.m. | 2 views

jbossws: Prone to character encoding pattern attack (XML Encryption flaw)

The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...

CVSS 5 | AI score 6.5 | EPSS 0.02587
Exploits: 0 | References: 4

RedHat Linux
added 2012/09/24 3:55 p.m. | 1 views

openssl: record length handling integer underflow

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is no...

CVSS 6.8 | AI score 7.4 | EPSS 0.28154
Exploits: 0 | References: 5

RedHat Linux
added 2012/09/24 3:52 p.m. | 1 views

openssl: record length handling integer underflow

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is no...

CVSS 6.8 | AI score 7.4 | EPSS 0.28154
Exploits: 0 | References: 5

0day.today
added 2012/09/17 12:0 a.m. | 15 views

LuxCal 2.7.0 XSS / LFI / Information Disclosure

Exploit for php platform in category web applications Exploit Title: LuxCal v2.7.0 Multiple Remote Vulnerabilities Date: 17/09/2012 Author: L0n3ly-H34rT Contact: email protected My Site: http://se3c.blogspot.com/ Vendor Link: http://www.luxsoft.eu/ Software Link:...

AI score 7.1
Exploits: 0

Packet Storm
added 2012/09/17 12:0 a.m. | 28 views

LuxCal 2.7.0 XSS / LFI / Information Disclosure

Exploit Title: LuxCal v2.7.0 Multiple Remote Vulnerabilities Date: 17/09/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.luxsoft.eu/ Software Link: http://www.luxsoft.eu/dloader.php?file=luxcal270.zip Version: 2.7.0 Tested on:...

AI score 7.4
Exploits: 0

OSV
added 2012/09/15 5:55 p.m. | 10 views

CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

AI score 6.2
Exploits: 0 | References: 6

UbuntuCve
added 2012/09/15 5:55 p.m. | 19 views

CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

CVSS 4.3 | AI score 5.9 | EPSS 0.02447
Exploits: 0 | References: 2

OSV
added 2012/09/15 5:55 p.m. | 18 views

PYSEC-2012-1

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

CVSS 4.3 | AI score 5.2 | EPSS 0.02447
Exploits: 0 | References: 7

OpenVAS
added 2012/09/10 12:0 a.m. | 30 views

Slackware: Security Advisory (SSA:2004-299-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 7.8 | EPSS 0.33639
Exploits: 0 | References: 2

OSV
added 2012/09/07 12:0 a.m. | 12 views

DSA-2541-1 beaker - information disclosure

Bulletin has no description...

CVSS 4.3 | AI score 6.3 | EPSS 0.02447
Exploits: 0

ThreatPost
added 2012/09/05 5:27 p.m. | 7 views

New Attack Uses SSL/TLS Information Leak to Hijack HTTPS Sessions

There is a feature supported by the SSL/TLS encryption standard and used by most of the major browsers that leaks enough information about encrypted sessions to enable attackers to decrypt users’ supposedly protected cookies and hijack their sessions. The researchers who developed the attack that...

AI score 6.3
Exploits: 0 | References: 3

exploitpack
added 2012/09/04 12:0 a.m. | 37 views

Splunk 4.3.3 - Arbitrary File Read

Splunk 4.3.3 - Arbitrary File Read Exploit Title: Splunk = 4.3.3 Reading Arbitrary Files Contents Date: 09/03/2012 Exploit Author: Marcio Almeida [email protected] Vendor Homepage: http://www.splunk.com/ Software Link: http://www.splunk.com/download?r=header Version: 4.3.3 and priors...

AI score 0.3
Exploits: 0

OpenVAS
added 2012/09/04 12:0 a.m. | 22 views

Mandriva Update for fetchmail MDVSA-2012:149 (fetchmail)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 5.8 | AI score 6.8 | EPSS 0.73327
Exploits: 4 | References: 2