
1479 matches found

RedHat Linux
added 2005/01/26 3:38 p.m. · 2 views

security flaw

Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value...

CVSS 7.5 · AI score 6.3 · EPSS 0.07217
Exploits 1 · References 4
securityvulns
added 2005/01/22 12:00 a.m. · 27 views

KDE KOffice buffer overflow

Buffer overflow in Decrypt::makeFileKey2 function...

AI score 3.5
Exploits 0 · References 1 · Affected Software 1
Gentoo Linux
added 2005/01/21 12:00 a.m. · 39 views

Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2

Background: Xpdf is an open source viewer for Portable Document Format (PDF) files. GPdf is a Gnome-based PDF viewer that includes some Xpdf code. Description: iDEFENSE reports that the Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc insufficiently checks boundaries when processing /Encrypt /Leng...

CVSS 7.5 · AI score 6.9 · EPSS 0.07217
Exploits 1
CVE
added 2005/01/19 5:00 a.m. · 77 views

CVE-2005-0064

CVE-2005-0064 is a buffer overflow in Xpdf’s Decrypt::makeFileKey2 (Decrypt.cc) that affected Xpdf 3.00 and earlier, enabling remote code execution via PDFs with a large /Encrypt /Length. Connected GLSA entries confirm Xpdf (and GPdf) include code sharing Xpdf, and note the issue could impact CUP...

CVSS 7.5 · AI score 7.5 · EPSS 0.07217
Exploits 1 · References 26 · Affected Software 1
Debian CVE
added 2005/01/19 5:00 a.m. · 37 views

CVE-2005-0064

Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value...

CVSS 7.5 · AI score 7.6 · EPSS 0.07217
Exploits 1
securityvulns
added 2003/06/05 12:00 a.m. · 27 views

CA Unicenter Password Recovery Tool

List, The following can also be found at: http://www.kufumo.com/releases/ca-passwordrecover.txt Thanks, Tor Houghton ; $Id: ca-passwordrecover.txt,v 1.3 2003/05/20 10:46:51 torh Exp $ Computer Associates "Asset Manager" Password Recovery Tool c 2003 Tor Houghton th at kufumo dot com ++Synopsis++...

AI score 7
Exploits 0
Positive Technologies
added 2002/12/31 12:00 a.m. · 2 views

PT-2002-2406 · Newsreactor · Newsreactor

Name of the Vulnerable Software and Affected Versions: NewsReactor version 1.0 Description: The issue is related to a weak encryption scheme used by the software, which could allow local users to decrypt passwords and gain access to other users' newsgroup accounts. Recommendations: For NewsReacto...

CVSS 5.5 · AI score 6.4 · EPSS 0.00193
Exploits 1 · References 5
Positive Technologies
added 2002/12/31 12:00 a.m. · 5 views

PT-2002-2419 · Pgp +1 · Pgp +1

Name of the Vulnerable Software and Affected Versions: Microsoft Outlook plug-in PGP versions 7.0, 7.0.3, and 7.0.4 Description: The issue arises when the "Automatically decrypt/verify when opening messages" option is checked and the "Always use Secure Viewer when decrypting" option is not checke...

CVSS 5.5 · AI score 6.4 · EPSS 0.0025
Exploits 0 · References 5
Cvelist
added 2002/10/03 4:00 a.m. · 28 views

CVE-2002-0706

UserManager.js in the Web Reports Server for SurfControl SuperScout WebFilter uses weak encryption for administrator functions, which allows remote attackers to decrypt the administrative password using a hard-coded key in a Javascript function...

AI score 6.8 · EPSS 0.00984
Exploits 0 · References 4
CVE
added 2001/09/12 4:00 a.m. · 46 views

CVE-1999-1049

ARCserve NT agents authenticate using a weak XOR scheme for passwords. The vulnerability allows remote attackers to sniff the authentication request sent to port 6050 and decrypt the password, leading to potential unauthorized access and confidentiality/integrity impact as described in the CVE e...

CVSS 10 · AI score 7.4 · EPSS 0.01759
Exploits 0 · References 1 · Affected Software 1
NVD
added 2001/08/02 4:00 a.m. · 16 views

CVE-2001-0618

Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of the 'Network Name' or SSID as the default Wired Equivalent Privacy (WEP) encryption key. Since the SSID occurs in the clear during communications, a remote attacker could determine the WEP key and decrypt RG-1000 traffic...

CVSS 7.5 · AI score 6.7 · EPSS 0.00926
Exploits 1 · References 2
NVD
added 2001/01/01 5:00 a.m. · 16 views

CVE-2001-0160

Lucent/ORiNOCO WaveLAN cards generate predictable Initialization Vector (IV) values for the Wireless Encryption Protocol (WEP) which allows remote attackers to quickly compile information that will let them decrypt messages...

CVSS 5 · AI score 6.5 · EPSS 0.00798
Exploits 1 · References 1
CVE
added 2000/11/29 5:00 a.m. · 47 views

CVE-2000-1008

PalmOS 3.5.2 and earlier uses weak encryption to store the user password, allowing attackers with physical access to decrypt the password and gain access to the device. The vulnerability affects the password storage mechanism and is exploitable only with local access; no exploit details or mitiga...

CVSS 4.6 · AI score 7 · EPSS 0.00541
Exploits 1 · References 2 · Affected Software 1
CVE
added 2000/04/26 4:00 a.m. · 56 views

CVE-2000-0300

The CVE refers to PcAnywhere 9.x where the default encryption method is weak, enabling remote attackers to sniff and decrypt PcAnywhere or NT domain accounts. Affected software: PcAnywhere 9.x (default encryption). Root cause: use of weak default encryption in the authentication pathway. Impact: ...

CVSS 10 · AI score 7.1 · EPSS 0.05887
Exploits 1 · References 2 · Affected Software 1
NVD
added 2000/04/14 4:00 a.m. · 12 views

CVE-2000-0250

The crypt function in QNX uses weak encryption, which allows local users to decrypt passwords...

CVSS 7.2 · AI score 6.3 · EPSS 0.00622
Exploits 1 · References 2
Packet Storm
added 1999/09/21 12:00 a.m. · 26 views

cfdecrypt.txt

Subject: Re: New Allaire Security Zone Bulletins and KB Articles To: [email protected] On Tue May 25 1999, James Stephens wrote: At 03:00 PM 5/24/99 -0700, [email protected] wrote: ASB99-08: Pages Encrypted with CFCRYPT.EXE Can Be Illegally Decrypted Has anyone seen the program that...

AI score 7.4
Exploits 0
Positive Technologies
added 1999/03/01 12:00 a.m. · 5 views

PT-1999-1157 · Sco · Sco Termvision

Name of the Vulnerable Software and Affected Versions: SCO TermVision (affected versions not specified) Description: A weak encryption algorithm is used for passwords, allowing them to be easily decrypted by a local user. Recommendations: At the moment, there is no information about a newer version...

CVSS 7.2 · AI score 6 · EPSS 0.00287
Exploits 0 · References 2
exploitpack
added 1998/05/19 12:00 a.m. · 22 views

Allaire ColdFusion Server 4.0.1 - CFCRYPT.EXE Decrypt Pages

Allaire ColdFusion Server 4.0.1 - CFCRYPT.EXE Decrypt Pages / source: https://www.securityfocus.com/bid/275/info A vulnerability in ColdFusion allows pages encrypted with the CFCRYPT.EXE utility to be decrypted. ColdFusion supports the ability to "encrypt" the CFML templates in an application or...

AI score 0.2
Exploits 0
Friends Of PHP
added 1970/01/01 12:00 a.m. · 22 views

Remote Code Execution via Chosen-Ciphertext Attack

framework/src/Titon/Crypto/OpenSslCipher.hh, lines 30 to 39 in cbf4472: public function decrypt(string $payload): mixed { $payload = $this->decodePayload($payload); $method = $this->getMethod(); $value = openssl_decrypt(hex2bin($payload['data']), $method, $this->getKey(), OPENSSL_RAW_DATA, hex2bin($payload['iv'])); if ($valu...

AI score 1.2
Exploits 0 · Affected Software 1