PT-2015-6154 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.19.3 Description: The issue is related to the driver rfc4106 decrypt function in the Linux kernel, which does not properly determine the memory locations used for encrypted data. This allows attackers to cause...

Loxone Smart Home Multiple Vulnerabilities (Mar 2015)

Loxone Smart Home is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:loxone:miniserverfirmware...

The LaZagne Project - Recover most common software passwords (Firefox, IE, Opera, Chrome, Filezilla, winscp, coreFTP, WiFi and many more)

The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different technics plaintext, using api, custom algorithms, etc.. This tool has been developped to find these passwords for most common...

SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...

UBUNTU-CVE-2015-0564

Buffer underflow in the ssldecryptrecord function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service application crash via a crafted packet that is improperly handled during decryption of an SSL...

SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...

SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...

SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...

DEBIAN-CVE-2014-3567

Memory leak in the tlsdecryptticket function in t1lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service memory consumption via a crafted session ticket that triggers an integrity-check failure...

CryptoWall Ransomware Earns $1.1M, Encrypts 5 Billion Files

CryptoWall is a million-dollar business. The file-encrypting ransomware has netted the criminal gang responsible for its development and dispersal, more than $1.1 million in the six months it’s been in the wild, researchers at Dell SecureWorks’ Counter Threat Unit said in a report this week. The...

Design/Logic Flaw

The decrypt function in RICOS in IBM Algo Credit Limits aka ACLM 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to obtain cleartext passwords by sniffing the network and then providing a string argument to this functi...

Flowerfire Sawmill 5.0.21 Weak Password Encryption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1403/info Sawmill is a site statistics package for Unix, Windows and Mac OS. Passwords are encrypted using a weak hash function. This combined with the file disclosure vulnerability in Sawmill bid = 1402 could allow an...

Computer Associates eTrust Intrusion Detection 1.4.1 .13 Weak Encryption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1341/info A weak encryption scheme exists in Computer Associates eTrust Intrusion Detection System formerly known as SessionWall-3 password which authorizes users to view and configure the application's registry settings...

TeamHelpdesk Customer Web Service (CWS) 8.3.5 & Technician Web Access (TWA) 8.3.5 - Remote User Credential Dump

No description provided by source. Exploit Title: Team Helpdesk Customer Web Service CWS Remote User Credential Dump exploit Exploit Title: Team Helpdesk Technician Web Access TWA Remote User Credential Dump exploit Date: May 5, 2014 Exploit Author: bhamb [email protected] Vendor Homepage:...

CMS NetCat 3.0/3.12 - Blind SQL Injection Exploit

No description provided by source. ? / AIST NetCat Blind SQL Injection exploit by s4avrd0w [email protected] Versions affected = 3.12 More info: http://www.netcat.ru/ tested on version 3.0, 3.12 usage: ./NetCatblindSQLexploit.php -s=NetCatserver -u=UserID The options are required: -u The user...

Qbik WinGate 3.0 Registry Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/511/info WinGate stores encrypted passwords in the registry, in a subkey where Everyone has Read access by default. The encryption scheme is weak, and therefore anyone can get and decrypt them. include stdafx.h include...

NSHC Papyrus 2.0 - Heap Overflow Vulnerability

No description provided by source. !/usr/bin/python Title: NSHC Papyrus Heap Overflow Vulnerability Date: 13\08\2011 Author: wh1ant Software Link: http://file.atfile.com/ftp/data/03/PapyrusSetup.exe Version: 2.0 Tested On: windows XP SP3 South Korea / windows XP SP3 English VMware Workstation CVE...

openssl: SSL/TLS MITM vulnerability

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server...

Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2232-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2232-1 advisory. Jri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting...

OpenSSL and then blast a serious security vulnerability -- CCS injection-vulnerability warning-the black bar safety net

OpenSSL's ChangeCipherSpec processing and then reported a serious security vulnerability that an attacker can intercept the malicious intermediate node to encrypt and decrypt data,while forcing the use of weak key for SSL client exposed to the malicious nodes. When the software uses the OpenSSL...