
2871 matches found

Cvelist
added 2012/01/06 1:00 a.m. | 25 views

CVE-2011-4576

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

AI score: 8.1 | EPSS: 0.14523
Exploits: 0 | References: 22

CVE
added 2012/01/06 1:00 a.m. | 9752 views

CVE-2011-4576

OpenSSL CVE-2011-4576 affects SSL 3.0 padding initialization: the implementation does not properly initialize data structures for block cipher padding, allowing a remote attacker to potentially recover plaintext by decrypting the padding data. Affected releases: OpenSSL before 0.9.8s and 1.x befo...

CVSS: 5 | AI score: 8 | EPSS: 0.14523
Exploits: 0 | References: 22 | Affected Software: 1

Cvelist
added 2012/01/06 1:00 a.m. | 22 views

CVE-2012-0027

The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client...

AI score: 6.1 | EPSS: 0.04992
Exploits: 0 | References: 7

Debian CVE
added 2012/01/06 1:00 a.m. | 28 views

CVE-2011-4576

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

CVSS: 5 | AI score: 8 | EPSS: 0.14523
Exploits: 0

Tenable Nessus
added 2012/01/05 12:00 a.m. | 27 views

OpenSSL 0.9.8 < 0.9.8s / 1.x < 1.0.0f Multiple Vulnerabilities

CVSS: 9.3 | AI score: 8 | EPSS: 0.17687
Exploits: 0 | References: 8

UbuntuCve
added 2012/01/04 12:00 a.m. | 30 views

CVE-2011-4922

cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents. It was discovered that libpurple versions prior to 2.7.10...

CVSS: 2.1 | AI score: 6.1 | EPSS: 0.00297
Exploits: 1 | References: 3

NVD
added 2011/12/16 11:55 a.m. | 16 views

CVE-2011-4747

The billing system for Parallels Plesk Panel 10.3.1build1013110726.09 does not prevent the use of weak ciphers for SSL sessions, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a crafted CipherSuite list...

CVSS: 5 | AI score: 6.5 | EPSS: 0.01022
Exploits: 0 | References: 2

Tenable Nessus
added 2011/12/13 12:00 a.m. | 32 views

SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7462)

Malicious clients could have downgraded a connection to a low strength cipher suite on session resumption if the server offers such ciphers (CVE-2010-4180). This has been fixed.

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.09497
Exploits: 0 | References: 2

Tenable Nessus
added 2011/12/02 12:00 a.m. | 41 views

OpenSSL 0.9.8f < 0.9.8h Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 0.9.8h. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.8h advisory. - OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key...

CVSS: 4.3 | AI score: 7.1 | EPSS: 0.05
Exploits: 1 | References: 5

Metasploit
added 2011/11/15 4:29 p.m. | 50 views

Windows Gather Wireless Current Connection Info

This module gathers information about the current connection on each wireless LAN interface on the target machine.

AI score: 7
Exploits: 0

OpenVAS
added 2011/11/14 12:00 a.m. | 34 views

Mandriva Update for java-1.6.0-openjdk MDVSA-2011:170 (java-1.6.0-openjdk)

Check for the Version of java-1.6.0-openjdk.

CVSS: 10 | AI score: 0.3 | EPSS: 0.96714
Exploits: 19 | References: 2

ThreatPost
added 2011/11/10 4:36 p.m. | 8 views

Malware Writers Use Block Cipher in Latin America

The creators of banking trojan programs in Brazil are using sophisticated block ciphers to encrypt their malware, making detection by antivirus products more difficult. The discovery, by Kaspersky Lab researcher Dmitry Bestuzhev, is the first known report of block ciphers being used in connection...

Exploits: 0 | References: 2

Amazon
added 2011/10/31 12:00 a.m. | 61 views

Critical: java-1.6.0-openjdk

Issue Overview: A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. (CVE-2011-3556) A flaw was found in the Java RMI registry implementation. A remote RMI client...

CVSS: 10 | AI score: 9.3 | EPSS: 0.96714
Exploits: 19 | References: 1

RedHat Linux
added 2011/10/18 11:19 p.m. | 4 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.73327
Exploits: 4 | References: 4

seebug.org
added 2011/09/29 12:00 a.m. | 90 views

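Microsoft Windows SSL/TLS Information Disclosure Vulnerability

CVE ID: CVE-2011-3389 Microsoft Windows is a very popular operating system released by Microsoft. The implementation of the SSL/TLS protocols in Microsoft Windows contains an information disclosure vulnerability that remote attackers can exploit to disclose sensitive information and hijack user sessions. The vulnerability stems from a design error that arises when the Secure Sockets Layer 3.0 (SSL) and Transport Layer Security 1.0 (TLS) protocols are used with symmetric cipher suites in CBC mode, allowing encrypted HTTPS sessions to be attacked through a man-in-the-middle position. Microsoft Windows Microsoft Windows XP Home Microsoft Windows ...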

CVSS: 4.3 | AI score: 0.6 | EPSS: 0.73327
Exploits: 4

Tenable Nessus
added 2011/09/29 12:00 a.m. | 46 views

Deprecated

This plugin has been deprecated and is no longer functional. It was originally written to check Microsoft's workaround for CVE-2011-3389, but was replaced by plugin 57474 which checks for the patch that fixes this CVE.

AI score: 7.8 | EPSS: 0.73327
Exploits: 4 | References: 2

ThreatPost
added 2011/09/27 4:01 p.m. | 7 views

Microsoft Pushes FixIt Tool to Enable Support for Newer TLS Version

Microsoft has released a security advisory about the TLS/SSL attack developed by Juliano Rizzo and Thai Duong and also has made a FixIt tool available to help server administrators switch on support for newer versions of the protocol that aren’t vulnerable to the attack. The Microsoft advisory lay...

AI score: 1
Exploits: 0 | References: 5

OpenVAS
added 2011/09/21 12:00 a.m. | 22 views

Debian Security Advisory DSA 2309-1 (openssl)

The remote host is missing an update to openssl announced via advisory DSA 2309-1.

CVSS: 2.6 | AI score: 0.2 | EPSS: 0.0343
Exploits: 1

NVD
added 2011/09/20 10:55 a.m. | 21 views

CVE-2011-1509

The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus SDP 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

CVSS: 5 | AI score: 6 | EPSS: 0.00787
Exploits: 1 | References: 5

Prion
added 2011/09/20 10:55 a.m. | 17 views

Design/Logic Flaw

The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus SDP 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

CVSS: 5 | AI score: 6.6 | EPSS: 0.00787
Exploits: 1 | References: 5 | Affected Software: 1