5932 matches found
Detrix EDMS 1.2.3.1505 SQL Injection
!/usr/bin/php / Exploit Title: Detrix EDMS cleartext user password remote SQLI exploit Google Dork: Date: Jul 2019 Exploit Author: Burov Konstantin Vendor Homepage: forum.detrix.kz Software Link:...
CryptonDie - A Ransomware Developed For Study Purposes
CryptonDie is a ransomware developed for study purposes. Options --key key used to encrypt and decrypt files, default is random string (recommended) --dir Home directory for the attack, default is / --encrypt Encrypt all files --decrypt Decrypt all files --verbose Active verbose mode, default is Fal...
CB Threat Analysis Unit: Technical Analysis of “Crosswalk”
The technical analysis is related to the TAU-TIN for the same malware which can be located in this post. FireEye recently reported on APT41, a Chinese state sponsored espionage group. The group has been documented as targeting healthcare, high-tech, and telecommunications companies for traditiona...
The vulnerability in the firmware of the Moxa PT-7528 and Moxa PT-7828 Ethernet switches lies in the use of a weak cryptographic algorithm in the configuration files. This allows a hacker to decrypt the configuration data.
The vulnerability in the firmware of the Moxa PT-7528 and Moxa PT-7828 Ethernet switches lies in the use of a weak cryptographic algorithm in the configuration files. Exploiting this vulnerability allows a remote attacker to decrypt the configuration data...
The vulnerability in the firmware of the Moxa PT-7528 and Moxa PT-7828 Ethernet switches lies in the use of cryptographic algorithms that contain defects, allowing attackers to decrypt the login credentials.
The vulnerability in the firmware of the Moxa PT-7528 and Moxa PT-7828 Ethernet switches lies in the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability allows a remote attacker to decrypt the login credentials...
Russians Hack FBI Comms System
Yahoo News reported that the Russians have successfully targeted an FBI communications system: American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI...
EulerOS 2.0 SP5 : nss-softokn (EulerOS-SA-2019-1979)
According to the version of the nss-softokn packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of...
Security Bulletin: IBM MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2019-1559
Summary IBM MQ for HP NonStop Server has addressed the following vulnerability: CVE-2019-1559 Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the host...
IBM Cognos Controller Information Disclosure Vulnerability (CNVD-2019-32437)
IBM Cognos Controller is a suite of business intelligence and planning solutions from IBM in the United States. The product features process automation, financial audit control, and the creation and management of financial reports. An information disclosure vulnerability exists in IBM Cognos...
CVE-2019-4175
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880...
PT-2019-16950 · Ibm · Ibm Cognos Controller
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.3.0 through 10.4.1 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For...
Inteno IOPSYS Gateway - Improper Access Restrictions
Exploit Title: Inteno IOPSYS Gateway 3DES Key Extraction - Improper Access Restrictions Date: 2019-06-29 Exploit Author: Gerard Fuguet Vendor Homepage: https://www.intenogroup.com/ Version: EG200-WU7P1UADAMO3.16.4-1902261650 Fixed Version: EG200-WU7P1UADAMO3.16.8-1908200937...
CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
ALPINE-CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
Code injection
In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
UBUNTU-CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
CVE-2019-1563
CVE-2019-1563 describes a Bleichenbacher padding oracle vulnerability in OpenSSL. The issue allows an attacker, after sending a large number of ciphertexts for decryption, to recover the CMS/PKCS7 encryption key or decrypt RSA-encrypted data when the attacker can observe decryption success/failur...
CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
OpenSSL Vulnerabilities Oct 2018 - Jul 2019
SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. An attacker can recover DSA, ECDH, and ECDSA private keys through timing side-channel attacks. A remote attacker can also decrypt encrypted ciphertext and modify OpenSSL...
CVE-2019-12587
The CVE-2019-12587 entry concerns the EAP peer implementation in Espressif ESP-IDF 2.0.0–4.0.0 and ESP8266_NONOS_SDK 2.2.0–3.1.0, where a zero PMK can be installed after any EAP authentication, enabling attackers in radio range to replay, decrypt, or spoof frames via a rogue AP. Red Hat and OSV r...