
1479 matches found

NVD
added 2009/05/27 4:30 p.m., 32 views

CVE-2009-1477

The https web interfaces on the ATEN KH1516i IP KVM switch with firmware 1.0.063, the KN9116 IP KVM switch with firmware 1.1.104, and the PN9108 power-control unit have a hardcoded SSL private key, which makes it easier for remote attackers to decrypt https sessions by extracting this key from...

CVSS 10, AI score 6.7, EPSS 0.02146
Exploits 0, References 3

Cvelist
added 2009/05/27 4:00 p.m., 28 views

CVE-2009-1477

The https web interfaces on the ATEN KH1516i IP KVM switch with firmware 1.0.063, the KN9116 IP KVM switch with firmware 1.1.104, and the PN9108 power-control unit have a hardcoded SSL private key, which makes it easier for remote attackers to decrypt https sessions by extracting this key from...

AI score 6.7, EPSS 0.02146
Exploits 0, References 3

RedHat Linux
added 2009/05/26 5:26 p.m., 4 views

SquirrelMail: Multiple cross site scripting issues

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decryptheaders.php; (2) PHP_SELF; and (3) the que...

CVSS 4.3, AI score 7.1, EPSS 0.01977
Exploits 1, References 4

CVE
added 2009/05/26 3:16 p.m., 82 views

CVE-2009-1374

Pidgin (formerly Gaim) is affected by CVE-2009-1374 due to a buffer overflow in the decrypt_out function when processing QQ packets, which can cause the application to crash (DoS). Several connected advisories note this as part of a set of fixes for Pidgin in 2009 across multiple distributions (e...

CVSS 5, AI score 6.5, EPSS 0.02542
Exploits 1, References 19, Affected Software 1

RedHat Linux
added 2009/05/22 12:00 p.m., 3 views

pidgin DoS when decrypting qq packets

Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet...

CVSS 5, AI score 5.9, EPSS 0.02542
Exploits 1, References 4

Tenable Nessus
added 2009/04/23 12:00 a.m., 23 views

MDVA-2008:122 : vpnc

The vpnc package that shipped with Mandriva Linux 2008.1 was missing the cisco-decrypt binary, which is used for converting Cisco VPN client profile files encrypted passwords. As a result, any call to pcf2vpnc failed due to the missing binary. This update provides the missing binary. %NASLMINLEVE...

AI score 6.9
Exploits 0, References 1

OpenVAS
added 2009/02/27 12:00 a.m., 17 views

Fedora Update for pam_ssh FEDORA-2007-1793

Check for the Version of pam_ssh OpenVAS Vulnerability Test Fedora Update for pam_ssh FEDORA-2007-1793 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

CVSS 6.4, AI score 6.5, EPSS 0.00833
Exploits 0, References 2

Cvelist
added 2009/02/19 6:00 p.m., 20 views

CVE-2008-6191

Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a hardcoded password, which might allow local users to decrypt certain .bin files. NOTE: it is not clear whether this issue crosses privilege boundaries...

AI score 6.3, EPSS 0.00321
Exploits 0, References 4

OSV
added 2009/01/15 5:30 p.m., 2 views

DEBIAN-CVE-2009-0126

The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a...

CVSS 5, AI score 9.2, EPSS 0.0242
Exploits 1, References 1

NVD
added 2008/10/01 3:38 p.m., 18 views

CVE-2008-4368

The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE...

CVSS 5, AI score 6.1, EPSS 0.01386
Exploits 0, References 3

Cvelist
added 2008/10/01 3:00 p.m., 31 views

CVE-2008-4368

The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE...

AI score 6.1, EPSS 0.01386
Exploits 0, References 3

Packet Storm
added 2008/08/04 12:00 a.m., 27 views

webmail-passwordleak.txt

Name: Horde & Roundcube password leak vulnerability. Author: Xc0re Security Research Group. Homepage: http://www.xc0re.net. Description: Webmail clients such as Horde & Round Cube leak their username and password in a fashion that with every post request they also send a base64 encoded...

AI score 7.4
Exploits 0

CVE
added 2007/10/06 9:00 p.m., 37 views

CVE-2004-2721

The CVE-2004-2721 entry describes a vulnerability in openSkat VTMF prior to 2.1 where the CheckGroup function generates public key pairs with a non-prime p, enabling remote attackers to determine the private key and decrypt messages. The documents do not provide a confirmed exploit path, affected...

CVSS 4.3, AI score 7, EPSS 0.01673
Exploits 0, References 5, Affected Software 1

UbuntuCve
added 2007/07/03 6:30 p.m., 17 views

CVE-2007-3528

The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::makeivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent...

CVSS 5, AI score 5.9, EPSS 0.0176
Exploits 0, References 1

seebug.org
added 2006/06/20 12:00 a.m., 18 views

Ultimate PHP Board <= 1.96 GOLD Multiple Vulnerabilities Exploit

No description provided by source. ?php / Advisory: http://www.kliconsulting.com/users/mbrooks/UPBadvisory.rtf Vendors site: http://forum.myupb.com/ Download: http://fileserv.myupb.com/download.php?url=upb196GOLD.zip http://prdownloads.sourceforge.net/textmb/upb1.8.2.zip?download Download Mirror:...

AI score 7.1
Exploits 0

NVD
added 2006/05/31 10:02 p.m., 15 views

CVE-2006-2710

Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same invariant RSA key for all installations, which allows remote attackers with the key to decrypt communications...

CVSS 5, AI score 6.6, EPSS 0.01857
Exploits 0, References 6

Prion
added 2006/05/31 10:02 p.m., 18 views

Design/Logic Flaw

Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same invariant RSA key for all installations, which allows remote attackers with the key to decrypt communications...

CVSS 5, AI score 7.2, EPSS 0.01857
Exploits 0, References 6, Affected Software 1

Cvelist
added 2006/04/25 1:00 a.m., 26 views

CVE-2006-0231

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications...

AI score 6.7, EPSS 0.01936
Exploits 0, References 9

Prion
added 2006/04/03 5:04 p.m., 16 views

Input validation

Unspecified vulnerability in VCEngine.php in v-creator before 1.3-pre3, when the VC_CRYPTO_METHOD option is OPENSSL, allows remote attackers to execute arbitrary commands, possibly due to problems in the (1) encrypt and (2) decrypt functions...

CVSS 7.5, AI score 8.1, EPSS 0.03477
Exploits 0, References 7, Affected Software 1

CVE
added 2006/04/03 5:00 p.m., 52 views

CVE-2006-1599

Vulnerability CVE-2006-1599 affects v-creator before 1.3-pre3, in VCEngine.php when VC_CRYPTO_METHOD is OPENSSL. Root cause appears to be issues in the encrypt and decrypt functions, enabling remote command execution. The available sources indicate the vulnerability resides in the crypto handling...

CVSS 7.5, AI score 7.5, EPSS 0.03477
Exploits 0, References 7, Affected Software 1