Lucene search

511 matches found

myhack58
added 2016/12/22 12:0 a.m. | 226 views

Oracle Property Management Platform remote command execution and cardholder data decryption vulnerability analysis - vulnerability warning - the black bar safety net

Recently, I found that Oracle Opera, the reception data management system used in some large business hotels, has multiple security vulnerabilities. Hackers can exploit these vulnerabilities to escalate privileges in the hotel booking app and obtain higher user rights; at the same...

CVSS 5 | AI score 0.5 | EPSS 0.0049
Exploits 0

ATTACKERKB
added 2016/11/30 11:59 a.m. | 0 views

CVE-2016-2951

IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data...

CVSS 4.3 | AI score 5.6 | EPSS 0.00143
Exploits 0 | References 4

OSV
added 2016/09/07 7:28 p.m. | 0 views

CVE-2016-6899

The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, a...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 2

OSV
added 2016/09/07 7:28 p.m. | 2 views

CVE-2016-6838

Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before...

CVSS 7.5 | AI score 5.8 | EPSS 0.0007
Exploits 0 | References 2

Prion
added 2016/09/07 7:28 p.m. | 13 views

Design/Logic Flaw

Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before...

CVSS 4.3 | AI score 6.8 | EPSS 0.0007
Exploits 0 | References 2 | Affected Software 9

CNVD
added 2016/05/25 12:0 a.m. | 3 views

Cisco UCS Invicta Software Information Disclosure Vulnerability

Cisco UCS Invicta Software is a suite of software from the U.S. company Cisco that provides application acceleration capabilities. An information disclosure vulnerability exists in Cisco UCS Invicta Software. An attacker could exploit the vulnerability by intercepting communications to...

CVSS 7.5 | AI score 6.2 | EPSS 0.0016
Exploits 0 | References 1

ThreatPost
added 2016/04/11 2:28 p.m. | 8 views

Encryption Bill: Bad for Privacy, Security and Business

A bill that would force companies to decrypt messages and unlock devices if ordered to do so by government court order, surfaced Friday and is rattling security and privacy advocates and IT business leaders. They contend the bill is misguided and will have a detrimental effect on civil liberties...

AI score 0.4
Exploits 0 | References 7

CNVD
added 2016/01/21 12:0 a.m. | 4 views

SAP NetWeaver Information Disclosure Vulnerability (CNVD-2016-00444)

SAP NetWeaver is a service-oriented, integrated application platform. A security vulnerability in the SAP NetWeaver User Management Engine allows remote attackers to exploit the vulnerability to decrypt data...

CVSS 5.3 | AI score 6.8 | EPSS 0.12584
Exploits 5 | References 1

OSV
added 2016/01/15 8:59 p.m. | 1 views

CVE-2016-1910

The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290...

CVSS 5.3 | AI score 5.8 | EPSS 0.12584
Exploits 5 | References 5

Prion
added 2016/01/15 8:59 p.m. | 17 views

Code injection

The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290...

CVSS 5 | AI score 7 | EPSS 0.12584
Exploits 5 | References 5 | Affected Software 1

CVE
added 2016/01/15 8:0 p.m. | 75 views

CVE-2016-1910

CVE-2016-1910 affects SAP NetWeaver 7.4 UME (User Management Engine) and is described as a cryptographic issue enabling attackers to decrypt data via unspecified vectors (SAP Security Note 2191290). The connected materials indicate this is a crypto-issue vulnerability with publicly available PoCs...

CVSS 5.3 | AI score 7 | EPSS 0.12584
Exploits 5 | References 5 | Affected Software 1

NVD
added 2015/02/02 4:59 p.m. | 13 views

CVE-2015-1453

The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences...

CVSS 5 | AI score 6.4 | EPSS 0.00156
Exploits 1 | References 3

Cvelist
added 2015/02/02 4:0 p.m. | 16 views

CVE-2015-1453

The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences...

AI score 6.4 | EPSS 0.00156
Exploits 1 | References 3

CVE
added 2015/02/02 4:0 p.m. | 39 views

CVE-2015-1453

CVE-2015-1453 affects Fortinet FortiClient for Android 5.2.3.091, where the qm class uses a hardcoded encryption key (FoRtInEt!AnDrOiD). This enables an attacker to decrypt data stored in Shared Preferences and potentially obtain passwords or other sensitive data. The available sources describe t...

CVSS 5 | AI score 6.5 | EPSS 0.00156
Exploits 1 | References 3 | Affected Software 1

CISA
added 2014/10/20 12:0 a.m. | 14 views

Apple Releases Security Updates for iOS and Apple TV

Apple has released security updates for iOS devices and Apple TV to address multiple vulnerabilities, one of which could allow an attacker to decrypt data protected by SSL. Updates available include: iOS 8.1 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later Apple ...

AI score 6.7
Exploits 0 | References 2

OpenVAS
added 2014/09/22 12:0 a.m. | 43 views

Apple Mac OS X Multiple Vulnerabilities -05 (Sep 2014)

Apple Mac OS X is prone to multiple vulnerabilities...

CVSS 7.5 | AI score 6.8 | EPSS 0.03832
Exploits 5 | References 5

Gentoo Linux
added 2013/12/03 12:0 a.m. | 42 views

OpenSSL: Multiple Vulnerabilities

Background: OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Description: Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...

CVSS 7.5 | AI score 7.9 | EPSS 0.63145
Exploits 11

RedHat Linux
added 2012/09/24 3:52 p.m. | 2 views

openssl: uninitialized SSL 3.0 padding

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

CVSS 5 | AI score 7.2 | EPSS 0.01046
Exploits 0 | References 4

OSV
added 2012/04/24 12:0 a.m. | 44 views

DSA-2454-2 openssl - incomplete fix

Bulletin has no description...

CVSS 7.5 | AI score 7.6 | EPSS 0.07856
Exploits 7

Prion
added 2012/03/13 3:12 a.m. | 18 views

Information disclosure

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext...

CVSS 5 | AI score 6.7 | EPSS 0.02774
Exploits 0 | References 23 | Affected Software 1