5908 matches found

0day.today
added 2015/03/20 12:0 a.m., 63 views

EMC M&R (Watch4net) - Credential Disclosure Vulnerability

It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hard-coded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them.

CVSS: 5, EPSS: 0.07647
Exploits: 5

Tenable Nessus
added 2015/03/19 12:0 a.m., 48 views

OpenSSL < 0.9.8zd / 1.0.0p / 1.0.1k Key Decryption Vulnerability

Binary data 801936.prm...

CVSS: 4.3, AI score: 7.3, EPSS: 0.98685
Exploits: 0, References: 4

Exploit DB
added 2015/03/19 12:0 a.m., 48 views

EMC M&R (Watch4net) - Credential Disclosure

Abstract: It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. Affected products: EMC reports that the following...

CVSS: 5, AI score: 7, EPSS: 0.07647
Exploits: 5

Packet Storm
added 2015/03/19 12:0 a.m., 32 views

EMC M&R (Watch4net) Insecure Credential Storage

EMC M&R Watch4net data storage collector credentials are not properly protected. Han Sahin, November 2014...

CVSS: 5, AI score: 6.5, EPSS: 0.07647
Exploits: 5

OpenSSL
added 2015/03/19 12:0 a.m., 52 views

Vulnerability in OpenSSL - PKCS7 NULL pointer dereferences

PKCS7 NULL pointer dereference. The PKCS7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that verify PKCS7 signatures, decrypt PKCS7 da...

AI score: 6.2, EPSS: 0.0837
Exploits: 0, Affected Software: 1

Check Point Advisories
added 2015/03/18 12:0 a.m., 1 view

Mozilla Firefox WebRTC Man-in-the-Middle Attack (CVE-2015-0834)

A security bypass vulnerability has been reported in Mozilla Firefox browser. The vulnerability is due to a weakness in the WebRTC protocol. The vulnerability can be exploited through the use of a man-in-the-middle attack. Successful exploitation would allow attackers to decrypt online traffic...

CVSS: 4.3, AI score: 8.8, EPSS: 0.01259
Exploits: 0

OSV
added 2015/03/17 12:0 a.m., 33 views

DLA-175-1 gnupg - security update

Bulletin has no description...

CVSS: 5.9, AI score: 5.7, EPSS: 0.01952
Exploits: 0

securityvulns
added 2015/03/16 12:0 a.m., 28 views

Cisco Intrusion Prevention System DoS

Transient conditions when parsing SSL...

CVSS: 7.1, AI score: 1.8, EPSS: 0.01274
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2015/03/13 12:0 a.m., 35 views

Debian DSA-3185-1 : libgcrypt11 - security update

Multiple vulnerabilities were discovered in libgcrypt: CVE-2014-3591: The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite noticeable impact on...

CVSS: 5.9, AI score: 6.1, EPSS: 0.01952
Exploits: 0, References: 6

OpenVAS
added 2015/03/12 12:0 a.m., 26 views

Debian Security Advisory DSA 3184-1 (gnupg - security update)

Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard: CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite...

CVSS: 2.6, AI score: 6.3, EPSS: 0.01952
Exploits: 0, References: 1

OSV
added 2015/03/12 12:0 a.m., 26 views

DSA-3185-1 libgcrypt11 - security update

Bulletin has no description...

CVSS: 5.9, AI score: 5.6, EPSS: 0.01952
Exploits: 0

OSV
added 2015/03/12 12:0 a.m., 34 views

DSA-3184-1 gnupg - security update

Bulletin has no description...

CVSS: 5.9, AI score: 5.7, EPSS: 0.01952
Exploits: 0

OpenVAS
added 2015/03/11 12:0 a.m., 26 views

Debian: Security Advisory (DSA-3185-1)

The remote host is missing an update for the Debian...

CVSS: 5.9, AI score: 5.7, EPSS: 0.01952
Exploits: 0, References: 3

CISA
added 2015/03/06 12:0 a.m., 79 views

FREAK

FREAK Factoring Attack on RSA-EXPORT Keys CVE-2015-0204 is a weakness in some implementations of SSL/TLS that may allow an attacker to decrypt secure communications between vulnerable clients and servers. Google has released an updated version of its Android OS and Chrome browser for OS X to...

CVSS: 4.3, AI score: 1.8, EPSS: 0.98685
Exploits: 0, References: 4

RedHat Linux
added 2015/03/05 7:51 a.m., 1 view

SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...

CVSS: 4.3, AI score: 6.6, EPSS: 0.99999
Exploits: 6, References: 4

Exploit DB
added 2015/03/04 12:0 a.m., 56 views

Seagate Business NAS - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class MetasploitModule 'Seagate Business NAS Unauthenticated Remote Command Execution', 'Description' = %q Some Seagate Busine...

AI score: 7.4
Exploits: 0

0day.today
added 2015/03/01 12:0 a.m., 87 views

Seagate Business NAS <= 2014.00319 - Pre-Authentication Remote Code Execution (0day)

Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, and hence is open ...

CVSS: 10, AI score: 9.2, EPSS: 0.71515
Exploits: 8

Prion
added 2015/02/18 2:59 a.m., 18 views

Code injection

The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit,...

CVSS: 5, AI score: 7.1, EPSS: 0.02693
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2015/02/18 2:0 a.m., 31 views

CVE-2015-1358

The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit,...

AI score: 6.4, EPSS: 0.02693
Exploits: 0, References: 5

NVD
added 2015/02/11 3:0 a.m., 23 views

CVE-2015-0010

The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gol...

CVSS: 1.9, AI score: 8.8, EPSS: 0.0265
Exploits: 1, References: 3