1122 matches found
Fedora 24 : php-horde-Horde-Crypt (2017-e2a3e6fa12)
Horde_Crypt 2.7.6 - mjr SECURITY: Fix remote code execution vulnerability (CVE-2017-7413 and CVE-2017-7414). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...
Fedora Update for php-horde-Horde-Crypt FEDORA-2017-e2a3e6fa12
The remote host is missing an update for the... SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora Update for php-horde-Horde-Crypt FEDORA-2017-ed4c9b605b
The remote host is missing an update for the... SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] Fedora 24 Update: php-horde-Horde-Crypt-2.7.6-1.fc24
The Horde_Crypt package class provides an API for various cryptographic systems...
Horde Groupware Webmail 3/4/5 - Multiple Remote Code Executions
Horde Groupware Webmail 3/4/5 - Multiple Remote Code Executions. Source: https://blogs.securiteam.com/index.php/archives/3107. Vulnerabilities Summary: The following advisory describes two (2) vulnerabilities found in Horde Groupware Webmail. Horde Groupware Webmail Edition is a free, enterprise ready,...
[SECURITY] Fedora 26 Update: php-horde-Horde-Crypt-2.7.6-1.fc26
The Horde_Crypt package class provides an API for various cryptographic systems...
DEBIAN-CVE-2017-7414
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit...
DEBIAN-CVE-2017-7413
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email...
UBUNTU-CVE-2017-7414
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit...
Secure Anti Forensic Anonymous Operating System: kodachi
Secure Anti Forensic Anonymous Operating System. The Linux Kodachi operating system is based on Debian 8.6; it will provide you with a secure, anti-forensic, and anonymous operating system considering all features that a person who is concerned about privacy would need to have in order to be secure...
OpenSSH 7.2 - Denial of Service Exploit
Exploit for linux platform in category dos / poc. Title: OpenSSH before 7.3 Crypt CPU Consumption DoS Vulnerability; Author: Kashinath T (www.secpod.com); Vendor: http://www.openssh.com/; Software: http://www.openssh.com/; Version: OpenSSH before 7.3; Tested on: Ubuntu 16.04 LTS,...
OpenSSH 7.2 - Denial of Service
Title: OpenSSH before 7.3 Crypt CPU Consumption DoS Vulnerability; Author: Kashinath T (www.secpod.com); Vendor: http://www.openssh.com/; Software: http://www.openssh.com/; Version: OpenSSH before 7.3; Tested on: Ubuntu 16.04 LTS, Centos 7; CVE: CVE-2016-6515; Date: 20-10-201...
DEBIAN-CVE-2015-8970
crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted applicatio...
UBUNTU-CVE-2015-8970
crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted applicatio...
[ASA-201611-21] slock: access restriction bypass
Arch Linux Security Advisory ASA-201611-21. Severity: Medium; Date: 2016-11-21; CVE-ID: CVE-2016-6866; Package: slock; Type: access restriction bypass; Remote: No; Link: https://wiki.archlinux.org/index.php/CVE. Summary: The package slock before...
OpenSSH 'crypt()' Function Denial of Service Vulnerability
OpenSSH is a set of connection tools maintained by the OpenBSD Project Group for secure access to remote computers. A denial of service vulnerability exists in the OpenSSH 'crypt' function. An attacker can exploit this vulnerability to cause an application to enter an infinite loop, consuming...
Debian DLA-598-1 : suckless-tools security update
It was discovered that the slock screen locking tool would segfault when the user's account had been disabled. slock called crypt(3) and used the return value for strcmp(3) without checking to see if the return value of crypt(3) was a NULL pointer. If the hash returned by getspnam()->sp_pwdp was invalid,...
CVE-2016-5352
epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...
Design/Logic Flaw
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...
CVE-2016-2042
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...