76 matches found
Encryption: It's Complicated
Data breaches have become so common at this point that the mere fact that a government agency such as the South Carolina Department of Revenue loses several million Social Security numbers and credit card numbers isn’t really that noteworthy. It’s another day in the life of the Internet. But what...
LuxCal 2.7.0 XSS / LFI / Information Disclosure
Exploit for php platform in category web applications Exploit Title: LuxCal v2.7.0 Multiple Remote Vulnerabilities Date: 17/09/2012 Author: L0n3ly-H34rT Contact: email protected My Site: http://se3c.blogspot.com/ Vendor Link: http://www.luxsoft.eu/ Software Link:...
CVE-2012-2146
Removed by vendor...
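Sybase Unwired Platform Local Security Bypass Vulnerability
Bugtraq ID: 49114 Sybase Unwired Platform is a mobile enterprise application platform that supports rapid development of mobile applications, so that enterprise users can securely access a wide range of business data from a variety of mobile devices. Sybase Unwired Platform on the RIM BlackBerry device platform contains a security vulnerability: its device database is not correctly encrypted under certain conditions. A malicious user with physical access can bypass certain security restrictions. Sybase Unwired Platform 2.0 Sybase Unwired Platform 1.5.5 Sybase Unwired Platform 1.5.3 Sybase Unwired Platform...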
CVE-2011-0410
CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information by (1) sniffing the network for transmissions of Java objects or (2) reading the database...
Tradecms English foreign trade enterprises web site v1.0. Vulnerability analysis-vulnerability warning-the black bar safety net
Release time: 2010-07-15 Affected version: Tradecms English foreign trade enterprises web site v1.0 Vulnerability description: injection vulnerabilities, cross-permissions vulnerability; Database address: ClkjDaTa/ClkjCms.mdb Database open password: The default account and password: user: admin...
Rich Mogull on Database Security and Encryption
Dennis Fisher talks with analyst Rich Mogull of Securosis about his new report on database encryption, the value and danger of storing credit-card data and why more companies don’t get rid of sensitive data more quickly. Podcast audio courtesy of sykboy65 Subscribe to the Digital Underground...
CVE-2009-2752
IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...
UBBCentral UBB.Threads 5.5.1 - 'message' SQL Injection
Discovered: 07-18-08 By: SecureState R&D Team sasquatch www.securestate.com Background: ----------- SQL injection has previously been discovered https://www.securityfocus.com/bid/14052/ New Details: ------------ UBBThreads is nice enough to encrypt/mask the regular users' passwords in the databas...
Use download the vulnerability database to initiate network attacks-vulnerability warning-the black bar safety net
The database download vulnerability, the number one killer among scripting vulnerabilities, is now familiar to more and more people. In this era of rapid change in information technology, each vulnerability is followed by tricks to counter it, such as changing the database...
Cafe free line, Account Card money own plus-vulnerability warning-the black bar safety net
Currently, the cafe became a student of the Internet "playful", whenever school time comes, everyone is like "rush" and ran to the cafe to grab a machine with Internet access, but the long down, the summary is calculated to the Internet overhead, but makes all the students feel bad endless. But th...
CVE-2006-5303
Secure Computing SafeWord RemoteAccess 2.1 allows local users to obtain the UserCenter webportal password, database encryption keys, and signing keys by reading (1) base-64 encoded data in SERVERS\Web\Tomcat\usercenter\WEB-INF\login.conf and (2) plaintext data in SERVERS\Shared\signers.cfg. NOTE: the...
Design/Logic Flaw
PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generating keys for all possible rand seed values an...
CVE-2006-1050
Kwik-Pay Payroll 4.2.20, and possibly other versions, stores the KwikPay.mdb database file with insecure permissions, which allows local users to obtain sensitive information such as employment and payment data. NOTE: the provenance of this information is unknown; the details are obtained solely...
Have to say by the campus network see Network Security status-vulnerability warning-the black bar safety net
Preface originally really do not want to write this article, but really can not let people endure. Did not expect the school campus network security situation is actually so bad, one of the most impressive Willy-nilly. Or administrator of quality and safety awareness. Status of the recall a year...
Omnis Studio 2.4 - Weak Database Field Encryption
source: https://www.securityfocus.com/bid/1255/info Omnis Studio 2.4 is a development tool for creating database applications. The tool gives developers the option to encrypt database entries. However, the encryption scheme used is weak and easily broken with any scientific calculator or even pen...