
1479 matches found

OSV
added 2017/08/30 7:29 p.m. | 3 views

CVE-2017-12735

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic...

7.4 CVSS | 5.7 AI score | 0.01126 EPSS
Exploits 0 | References 2

Prion
added 2017/08/25 4:29 p.m. | 13 views

Hardcoded credentials

A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source...

5 CVSS | 7 AI score | 0.01532 EPSS
Exploits 0 | References 1

OSV
added 2017/08/07 6:29 a.m. | 1 views

CVE-2017-6766

A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected...

7.5 CVSS | 5.8 AI score
Exploits 0 | References 2

Cvelist
added 2017/08/07 6:0 a.m. | 28 views

CVE-2017-6766

A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected...

7.5 AI score | 0.01162 EPSS
Exploits 0 | References 2

CNVD
added 2017/08/03 12:0 a.m. | 4 views

Weak Algorithm Vulnerability in Huawei USG Products

Huawei USG6300/USG6600 are firewall products from Huawei, China. A weak algorithmic vulnerability exists in several Huawei firewall USG6300/USG6600 products. By exploiting this weak algorithm vulnerability, an attacker can intercept information transmitted over the network and successfully decryp...

7.5 CVSS | 7.3 AI score | 0.00696 EPSS
Exploits 0 | References 1

Cisco
added 2017/08/02 4:0 p.m. | 32 views

Cisco Firepower System Software Secure Sockets Layer Policy Bypass Vulnerability

A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected...

5.3 CVSS | 7.5 AI score | 0.01162 EPSS
Exploits 0 | References 1

Broadcom
added 2017/07/27 12:0 a.m. | 10 views

BSA-2017-500

Security Advisory ID : BSA-2017-500 Component : Apache HTTPD Revision : 1.0: Final It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decryp...

7.5 CVSS | 7.7 AI score | 0.49024 EPSS
Exploits 4

Japan Vulnerability Notes
added 2017/07/13 5:35 a.m. | 2 views

FileCapsule Deluxe Portable and Encrypted Files in Self-Decryption Format created by FileCapsule Deluxe Portable may insecurely load Dynamic Link Libraries

Overview FileCapsule Deluxe Portable is a file encryption software. FileCapsule Deluxe Portable contains the following vulnerabilities. FileCapsule Deluxe Portable insecurely load Dynamic Link Libraries CWE-427 - CVE-2017-2265, CVE-2017-2267, CVE-2017-2269 Encrypted files in self-decryption forma...

9.3 CVSS | 6.9 AI score | 0.01059 EPSS
Exploits 0 | References 17

ATTACKERKB
added 2017/06/07 5:29 p.m. | 3 views

CVE-2016-3019

IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462...

6.5 CVSS | 5.5 AI score | 0.00756 EPSS
Exploits 0 | References 5 | Affected Software 1

The Hacker News
added 2017/06/01 8:57 a.m. | 20 views

OneLogin Password Manager Hacked; Users’ Data Can be Decrypted

Do you use OneLogin password manager? If yes, then immediately change all your account passwords right now. OneLogin, the cloud-based password management and identity management software company, has admitted that the company has suffered a data breach. The company announced on Thursday that it h...

6.5 AI score
Exploits 0

RedHat Linux
added 2017/05/25 1:28 p.m. | 3 views

kernel: Oops in shash_async_export()

A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set...

5.5 CVSS | 6.8 AI score | 0.00426 EPSS
Exploits 0 | References 4

n0where
added 2017/05/06 4:15 a.m. | 28 views

Windows Penetration Testing Tool: RedSnarf

Windows Penetration Testing Tool RedSnarf is a pen-testing / red-teaming tool by Ed William and Richard Davy for retrieving hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques. RedSnarf aims to do the following: Leave no evidence on the hos...

0.4 AI score
Exploits 0 | References 3

CNVD
added 2017/04/13 12:0 a.m. | 3 views

Botan Security Bypass Vulnerability

Botan is a library of cryptographic algorithms in the C++ programming language that supports AES, DES, SHA-1, RSA, DSA and Diffie-Hellman. A security bypass vulnerability exists in Botan version 1.11.x prior to 1.11.22. A remote attacker could exploit this vulnerability to decrypt TLS ciphertext...

7.5 CVSS | 6.8 AI score | 0.01686 EPSS
Exploits 0 | References 1

RedHat Linux
added 2017/04/12 12:24 p.m. | 7 views

httpd: Padding Oracle in Apache mod_session_crypto

It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack...

7.5 CVSS | 7.2 AI score | 0.49024 EPSS
Exploits 4 | References 6

The Hacker News
added 2017/04/08 7:1 a.m. | 17 views

Shadow Brokers Group Releases More Stolen NSA Hacking Tools & Exploits

Remember The Shadow Brokers? They are back. A hackers group that previously claimed to have stolen a bunch of hacking tools malware, zero-day exploits, and implants created by the NSA and gained popularity last year for leaking a portion of those tools is back. Today, The Shadow Brokers group...

6.9 AI score
Exploits 0

OSV
added 2017/04/07 5:59 p.m. | 3 views

CVE-2017-3887

A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This vulnerability affects Cisco...

5.9 CVSS | 5.8 AI score | 0.01266 EPSS
Exploits 0 | References 2

NVD
added 2017/04/07 5:59 p.m. | 26 views

CVE-2017-3887

A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This vulnerability affects Cisco...

5.9 CVSS | 5.8 AI score | 0.01266 EPSS
Exploits 0 | References 2

CVE
added 2017/04/07 5:0 p.m. | 59 views

CVE-2017-3887

CVE-2017-3887 concerns Cisco Firepower System Software’s SSL packet handling in the detection engine when configured with an SSL Decrypt-Resign policy. An unauthenticated, remote attacker could trigger a DoS by causing the Snort process to restart, degrading or bypassing traffic inspection. Affec...

5.9 CVSS | 5.7 AI score | 0.01266 EPSS
Exploits 0 | References 2 | Affected Software 1

Positive Technologies
added 2017/04/06 12:0 a.m. | 8 views

PT-2017-17809

Name of the Vulnerable Software and Affected Versions Schneider Electric SoMachine Basic version 1.4 SP1 Schneider Electric Modicon TM221CE16R version 1.3.3.3 Description The issue concerns a hardcoded-key vulnerability in the Project Protection feature, which is used to prevent unauthorized acce...

10 CVSS | 7.3 AI score | 0.01243 EPSS
Exploits 0 | References 7

OSV
added 2017/04/05 4:59 p.m. | 3 views

CVE-2017-6339

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to...

6.5 CVSS | 5.8 AI score | 0.04071 EPSS
Exploits 5 | References 3