OpenSSL RSA Signature Forgery Vulnerability
OpenSSL versions 0.9.7j and prior and 0.9.8b and prior contain a vulnerability that could allow an unauthenticated, remote attacker to successfully pass a forged X.509 certificate. The vulnerability could allow an unauthenticated, remote attacker to pass a forged Public-Key Cryptography Standards...
MIT Kerberos 5: Multiple local privilege escalation vulnerabilities
Background: MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Description: Unchecked calls to setuid in krshd and v4rcp, as well as unchecked calls ...
CentOS 3 / 4 : openssl096b (CESA-2005:830)
Updated OpenSSL096b compatibility packages that fix a remote denial of service vulnerability are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The OpenSSL toolkit implements Secure Sockets Layer (SSL v2/v3), Transport Layer...
security flaw
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method...
Password Safe 3.0beta weak cryptography in PRNG
rand is used on systems other than Windows XP...
FreeBSD-SA-06:11.ipsec
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FreeBSD-SA-06:11.ipsec Security Advisory The FreeBSD Project Topic: IPsec replay attack vulnerability Category: core Module: sys_netipsec Announced: 2006-03-22 Credits: Pawel...
Perl Crypt::CBC module weak cryptography
Invalid initialization vector generation algorithm for block ciphers with block sizes other than 8 bytes, e.g. Rijndael...
CVE-2005-4860
Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password...
PT-2005-5521 · Spectrum · Spectrum Cash Receipting System
Name of the Vulnerable Software and Affected Versions: Spectrum Cash Receipting System versions prior to 6.504 Description: The issue concerns the use of weak cryptography, specifically static substitution, in the PASSFILE password file. This weakness makes it easier for local users to gain...
Avaya wireless access points weak cryptography
Static WEP key 12345 is used...
CVE-2004-2555
Riverdeep FoolProof Security 3.9.x on Windows 98/ME is affected by a cryptographic weakness: the product uses arithmetic and XOR operations to relate the Control password to the Administrator password, enabling local users who know the Control password and password recovery key to compute the Adm...
CVE-2004-2555
Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they know the Control password and password recove...
PasswordSafe weak cryptography
A key derived from the user password with a fast algorithm is used as the key for a block cipher, making it easy to brute-force the user password...
linux-ftpd-ssl 0.17 - MKDCWD Remote Code Execution
linux-ftpd-ssl 0.17 - MKDCWD Remote Code Execution /Oct2005 VER2/ // / lnxFTPDsslwarez.c / / linux-ftpd-ssl 0.17 remote r00t exploit by kcope / / for all of those who installed the ssl ready version / / of linux-ftpd to be more "secure" / / / / be aware of the buffer overflows, / / the code is...
linux-ftpd-ssl 0.17 (MKD/CWD) Remote Root Exploit
No description provided by source. /Oct2005 VER2/ // / lnxFTPDsslwarez.c / / linux-ftpd-ssl 0.17 remote r00t exploit by kcope / / for all of those who installed the ssl ready version / / of linux-ftpd to be more "secure" / / / / be aware of the buffer overflows, / / the code is strong cryto / // ...
RHEL 2.1 : openssl (RHSA-2005:829)
Updated OpenSSL packages that fix a remote denial of service vulnerability are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. The OpenSSL toolkit implements Secure Sockets Layer (SSL v2/v3),...
Mandrake Linux Security Advisory : openssl (MDKSA-2005:179)
Yutaka Oiwa discovered a vulnerability that potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL. Such applications are affected if they use the option SSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied by use of SSL_OP_ALL, which is intended to work around various...
OpenSSL SSL 2.0 rollback (weak cryptography)
An active man-in-the-middle attacker can force a rollback to the SSL 2.0 protocol, which has known cryptographic weaknesses, for both client and server if the SSL_OP_MSIE_SSLV2_RSA_PADDING or SSL_OP_ALL configuration option is enabled...
RHEL 2.1 : mod_ssl (RHSA-2005:773)
An updated mod_ssl package for Apache that corrects a security issue is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and...
[SECURITY] [DSA 807-1] New mod_ssl packages fix acl restriction bypass
Debian Security Advisory DSA 807-1 [email protected] http://www.debian.org/security/ Martin Schulze September 12th, 2005 http://www.debian.org/security/faq -...