
5879 matches found

Packet Storm
added 2021/02/26 12:0 a.m. · 406 views

Yeastar TG400 GSM Gateway 91.3.0.3 Path Traversal

Path Traversal on Yeastar TG400 GSM Gateway - 91.3.0.3. This is a Proof of Concept for CVE-2021-27328. Example to get firmware decrypting password: http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../bin/firmwaredetect To get /etc/passwd...

0.7 AI score · 0.38919 EPSS
Exploits: 4
RedHat Linux
added 2021/02/24 2:45 p.m. · 3 views

python-rsa: bleichenbacher timing oracle attack against RSA decryption

A flaw was found in python-rsa, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality...

7.5 CVSS · 7.3 AI score · 0.00144 EPSS
Exploits: 1 · References: 5
OSV
added 2021/02/19 7:15 p.m. · 2 views

CVE-2021-27328

Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key...

6.5 CVSS · 6.9 AI score · 0.38919 EPSS
Exploits: 4 · References: 3
Prion
added 2021/02/19 7:15 p.m. · 14 views

Directory traversal

Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key...

4 CVSS · 6.5 AI score · 0.38919 EPSS
Exploits: 4 · References: 3 · Affected Software: 1
CVE
added 2021/02/19 6:23 p.m. · 98 views

CVE-2021-27328

The CVE-2021-27328 entry affects Yeastar NeoGate TG400 91.3.0.3 and is confirmed via multiple connected sources as a Directory Traversal vulnerability. An authenticated user can traverse paths to decrypt firmware and read sensitive files (e.g., firmware password/decryption key). Public PoCs and d...

6.5 CVSS · 6.7 AI score · 0.38919 EPSS
Exploits: 4 · References: 3 · Affected Software: 1
Cvelist
added 2021/02/19 6:23 p.m. · 15 views

CVE-2021-27328

Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key...

6.7 AI score · 0.38919 EPSS
Exploits: 4 · References: 3
CNNVD
added 2021/02/19 12:0 a.m. · 4 views

Yeastar NeoGate TG400 Path Traversal Vulnerability

Yeastar Yeastar NeoGate TG400 is a software application from Yeastar Spain. The offering provides telecom resellers with a platform to easily launch hosted PBX services with its full range of features, scalability and UC capabilities. A path traversal vulnerability exists in Yeastar NeoGate TG400...

6.5 CVSS · 6.9 AI score · 0.38919 EPSS
Exploits: 4 · References: 5
Kitploit
added 2021/02/18 8:30 p.m. · 175 views

WireBug - A Toolset For Voice-over-IP Penetration Testing

WireBug is a tool set for Voice-over-IP penetration testing. It is designed as a wizard which makes it easy to use. The tools are built for standalone use too, so every tool is its own Python or bash program. Installation: Install the dependencies in requirements.txt and the python dependencies in...

7.2 AI score
Exploits: 0 · References: 2
NVD
added 2021/02/12 5:15 p.m. · 13 views

CVE-2021-20406

IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196184...

4.9 CVSS · 0.00089 EPSS
Exploits: 0 · References: 2
OSV
added 2021/02/12 5:15 p.m. · 3 views

CVE-2021-20406

IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196184...

4.9 CVSS · 5.8 AI score
Exploits: 0 · References: 2
Positive Technologies
added 2021/02/12 12:0 a.m. · 4 views

PT-2021-13941 · Ibm · Ibm Security Verify Information Queue

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Information Queue versions 1.0.6 through 1.0.7. Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information...

4.9 CVSS · 6.8 AI score · 0.00089 EPSS
Exploits: 0 · References: 5
CNNVD
added 2021/02/11 12:0 a.m. · 2 views

IBM Security Verify Information Queue Encryption Issue Vulnerability

IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. A weak cryptographic algorithm vulnerability exists in IBM Security Verify Information Queue. An attacker could exploi...

4.9 CVSS · 5.8 AI score · 0.00089 EPSS
Exploits: 0 · References: 4
The Coalfire Blog
added 2021/02/10 5:56 p.m. · 7 views

Asymmetric-key algorithms and symmetric-key algorithms

The symmetry of the algorithm comes from the fact that both parties involved share the same key for both encryption and decryption. It works similar to a physical door where everyone uses a copy of the same key to both lock and unlock the door. A symmetric-key algorithm, just like real doors,...

3.1 AI score
Exploits: 0
OSV
added 2021/02/10 1:32 a.m. · 4 views

GHSA-RHM9-P9W5-FWM7 PyCA Cryptography symmetrically encrypting large values can lead to integer overflow

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. When certain sequences of update calls with large values (multiple GBs) for symmetric encryption or decryption occur, it's possible for an integer overflow to happen, leading to mishandling of...

9.1 CVSS · 6.9 AI score · 0.01575 EPSS
Exploits: 1 · References: 13
ThreatPost
added 2021/02/08 9:6 p.m. · 34 views

Ransomware Demands Spike 320%, Payments Rise

When it comes to paying the ransom in a ransomware attack, demands are on the rise. Yet, many companies that paid the ransom failed to receive a decryption key, in a survey issued Monday. In fact, pandemic-themed phishing scams, a sustained onslaught of ransomware attacks and the rise of a remote...

0.3 AI score
Exploits: 0 · References: 7
CNVD
added 2021/02/05 12:0 a.m. · 5 views

Huawei eUDC660 Improper Resource Management Vulnerability

The Huawei eUDC660 is a device from Huawei, China, that provides scheduling capabilities. The device supports broadband trunk scheduling to improve the efficiency of voice, data, and video communications in transportation, energy, and other areas. A security vulnerability exists in Huawei eUDC660...

6.7 CVSS · 6.7 AI score · 0.0003 EPSS
Exploits: 0 · References: 1
Malwarebytes
added 2021/02/01 8:0 p.m. · 40 views

Fonix ransomware gives up life of crime, apologizes

Ransomware gangs deciding to pack their bags and leave their life of crime is not new, but it is a rare thing to see indeed. And the Fonix ransomware (also known as FonixCrypter and Xinof), one of those ransomware-as-a-service (RaaS) offerings, is the latest to join the club. End of FonixCrypter...

7 AI score
Exploits: 0
OSV
added 2021/01/21 2:15 p.m. · 1 views

CVE-2020-4968

IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427...

6.5 CVSS · 6.2 AI score · 0.0005 EPSS
Exploits: 0 · References: 2
NVD
added 2021/01/21 2:15 p.m. · 14 views

CVE-2020-4968

IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427...

6.5 CVSS · 5.4 AI score · 0.0005 EPSS
Exploits: 0 · References: 2
IBM Security Bulletins
added 2021/01/20 9:17 a.m. · 15 views

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4968)

Summary: IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to a security vulnerability. The vulnerability concerns the unencryption of data sent on RMI ports that could allow eavesdropping on communications. Vulnerability Details: CVEID: CVE-2020-4968...

6.5 CVSS · 0.9 AI score · 0.0005 EPSS
Exploits: 0 · Affected Software: 1