MyStore Tienda Virtual SQL Injection Vulnerability

Exploit for php platform in category web applications ======================================================================================== | Title : SQL Injection MyStore Tienda Virtual | | Author : Arturo Zamora | | email : email protected | | DAte : 02/01/2012 | | Verified : yes | | Risk :...

NSHC Papyrus 2.0 - Heap Overflow

!/usr/bin/python Title: NSHC Papyrus Heap Overflow Vulnerability Date: 13\08\2011 Author: wh1ant Software Link: http://file.atfile.com/ftp/data/03/PapyrusSetup.exe Version: 2.0 Tested On: windows XP SP3 South Korea / windows XP SP3 English VMware Workstation CVE: N/A Notice: Encrypt/Decrypt...

Researchers Show Method to Decrypt GPRS Traffic

A security researcher known for his work on cracking cryptographic ciphers on mobile networks has found a method that enables him to capture and decrypt data traffic on virtually any GPRS network. The attack, developed by Karsten Nohl, enables him to eavesdrop on traffic within a radius of about...

Apple Fixes SSL Man-in-the-Middle Bug in iOS 4.3.5

Apple has released another new version of its iOS operating system for iPhones and other devices that fixes a security vulnerability in the way that the software handled SSL certificates and validated their authenticity. An attacker exploiting the bug might be able to intercept SSL traffic, Apple...

Multiple ZyWALL USG Products Remote Security Bypass Vulnerability

Multiple ZyWALL USG products are prone to a security-bypass vulnerability. Successful exploits may allow attackers to bypass certain security restrictions and perform unauthorized actions. Note: Reportedly, the firmware is also prone to a weakness that allows password-protected upgrade files to b...

Design/Logic Flaw

The S/MIME feature in Open Ticket Request System OTRS before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available fo...

Keynect Ecommerce SQL Injection Vulnerability

Exploit for php platform in category web applications ======================================================================================== | Title : SQL Injection Keynect Ecommerce | | Author : Arturo Zamora | | email : email protected | | DAte : 10/03/2011 | | Verified : yes | | Risk : High ...

CVE-2010-3618

PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an...

Design/Logic Flaw

PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an...

CVE-2010-3618

CVE-2010-3618 affects PGP Desktop versions 10.0.x prior to 10.0.3 SP2 and 10.1.0 prior to 10.1.0 SP1. The vulnerability lies in the Decrypt/Verify File via Right-Click workflow for multi-packet OpenPGP messages, enabling a remote attacker to spoof signed data by appending an unsigned/extra messag...

Microsoft ASP.NET - Auto-Decryptor File Download (MS10-070)

Microsoft ASP.NET - Auto-Decryptor File Download MS10-070 !/usr/bin/ruby -w aspxadchotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved http://www.ampliasecurity.com Agustin Azubel - [email protected] MS10-070 ASPX proof of concept Decrypt data using an auto decryptor...

BlackBerry Desktop Software Security Bypass Vulnerability

BlackBerry Desktop Software is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Design/Logic Flaw

BbtsConnectionEdit.exe in Blackboard Transact Suite formerly Blackboard Commerce Suite before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml...

win32/xp sp3 (SPA) URLDownloadToFileA + CreateProcessA + ExitProcess

Exploit for win32 platform in category shellcode ==================================================================== win32/xp sp3 SPA URLDownloadToFileA + CreateProcessA + ExitProcess ==================================================================== !/usr/bin/perl c0d3d by r0i aka d0lc3 Explo...

Default configuration

The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle MITM attack...

CVE-2010-2306

The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle MITM attack...

CVE-2009-3035

The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and...

Social worker database+configuration upload scored webshell-vulnerability warning-the black bar safety net

BY:small Wu blog:http://hi. baidu. com/q369568652 Today in the group. A friend lost a station. That is the Universal password to everyone to help look. Sure enough,a universal password to get in. Went in and saw no backup. There is an upload and ewebeditor. ! Thought might win a bit difficult. He...

DEBIAN-CVE-2009-4212

Multiple integer underflows in the 1 AES and 2 RC4 decryption functionality in the crypto library in MIT Kerberos 5 aka krb5 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code by providing ciphertext with a...

CVE-2009-3200

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable,...