3663 matches found
drchrono: SSL/TLS BEAST ATTACK
Supported versions: TLSv1.0 TLSv1.1 TLSv1.2 Deflate compression: no Supported cipher suites ORDER IS NOT SIGNIFICANT: TLSv1.0 RSAWITH3DESEDECBCSHA RSAWITHAES128CBCSHA RSAWITHAES256CBCSHA TLSECDHERSAWITH3DESEDECBCSHA TLSECDHERSAWITHAES128CBCSHA TLSECDHERSAWITHAES256CBCSHA TLSv1.1: idem TLSv1.2...
Apple OS X El Capitan Disk Utility Denial of Service Vulnerability
Apple OS X El Capitan is an operating system on Apple devices. A security vulnerability in Apple OS X El Capitan Disk Utility allows attackers to exploit the vulnerability to prevent the program from compressing and encrypting disk images...
Compression Side-Channel Attack Framework: Rupture
A COMPRESSION SIDE-CHANNEL ATTACK FRAMEWORK Rupture is a framework for easily conducting BREACH and other compression-based attacks Rupture is a framework for conducting network attacks against web services. It is focused on compression-attacks, but provides a generalized scalable system for...
[SECURITY] Fedora 23 Update: openvpn-2.3.11-1.fc23
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for...
[SECURITY] Fedora 24 Update: openvpn-2.3.11-1.fc24
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for...
7zip HFS+ NArchive::NHfs::CHandler::ExtractZlibFile Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0093 7zip HFS+ NArchive::NHfs::CHandler::ExtractZlibFile Code Execution Vulnerability May 10, 2016 CVE Number CVE-2016-2334 DESCRIPTION An exploitable heap overflow vulnerability exists in the NArchive::NHfs::CHandler::ExtractZlibFile method functionality of...
SUSE SLED12 Security Update : python-tornado (SUSE-SU-2016:1195-1)
The python-tornado module was updated to version 4.2.1, which brings several fixes, enhancements and new features. The following security issues have been fixed : - A path traversal vulnerability in StaticFileHandler, in which files whose names started with the staticpath directory but were not...
libgd 2.1.1 - Signedness Heap Overflow
Exploit for linux platform in category remote exploits Overview ======== libgd 1 is an open-source image library. It is perhaps primarily used by the PHP project. It has been bundled with the default installation of PHP since version 4.3 2. A signedness vulnerability CVE-2016-3074 exist in libgd...
WordPress <= 4.4.2 - Script Compression Option CSRF
...
BREACH exploits from Gmail, Facebook, steal sensitive information-vulnerability warning-the black bar safety net
2 0 1 3 summer,two researchers found that the use of and continue to attack Gmail and Facebook chat sessions flow a new method,that is, BREACH exploits,and before that,such attacks never walk into people's line of sight. ! Late last week,the study in Singapore, the Asia black hat conference is...
BREACH Revived to Steal Private Messages from Gmail, Facebook
The BREACH attack hasn’t been top of mind since the summer of 2013, but two researchers have found new ways to exploit and persistently attack traffic, including Gmail and Facebook chat sessions. The research was shared late last week in Singapore at Black Hat Asia where Dimitris Karakostas of th...
[SECURITY] Fedora 22 Update: vtun-3.0.3-15.fc22
VTun provides a method for creating Virtual Tunnels over TCP/IP networks and allows one to shape, compress, and encrypt traffic in those tunnels. Supported types of tunnels are: PPP, IP, Ethernet and most other serial protocols and programs. VTun is easily and highly configurable: it can be used...
[SECURITY] Fedora 24 Update: vtun-3.0.3-15.fc24
VTun provides a method for creating Virtual Tunnels over TCP/IP networks and allows one to shape, compress, and encrypt traffic in those tunnels. Supported types of tunnels are: PPP, IP, Ethernet and most other serial protocols and programs. VTun is easily and highly configurable: it can be used...
CVE-2016-1968
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow via crafted data with brotli compression...
CVE-2016-1624
Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via crafted data with brotli compression...
Integer overflow
Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via crafted data with brotli compression...
CVE-2016-1624
Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via crafted data with brotli compression...
CVE-2016-1624
Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via crafted data with brotli compression...
libtiff denial of service vulnerability (CNVD-2016-01057)
LibTiff is a library for reading and writing TIFF Tagged Image File Format files. The library contains some command line tools for working with TIFF files. A security vulnerability exists in LibTiff's tifluv.c file that stems from the presence of invalid 'sample/pixel' values in TIFF image...
DEBIAN-CVE-2015-8781
tifluv.c in libtiff allows attackers to cause a denial of service out-of-bounds write via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782...