CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OpenVAS•added 2014/09/22 12:0 a.m.•43 views

Apple Mac OS X Multiple Vulnerabilities -05 (Sep 2014)

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.73327EPSS

Exploits5References5

Tenable Nessus•added 2014/08/30 12:0 a.m.•30 views

GLSA-201408-10 : Libgcrypt: Side-channel attack

The remote host is affected by the vulnerability described in GLSA-201408-10 Libgcrypt: Side-channel attack A vulnerability in the implementation of ElGamal decryption procedures of Libgcrypt leaks information to various side-channels. Impact : A physical side-channel attack allows a remote...

2.1CVSS6.4AI score0.00531EPSS

Gentoo Linux•added 2014/08/29 12:0 a.m.•35 views

Libgcrypt: Side-channel attack

Background Libgcrypt is a general purpose cryptographic library derived out of GnuPG. Description A vulnerability in the implementation of ElGamal decryption procedures of Libgcrypt leaks information to various side-channels. Impact A physical side-channel attack allows a remote attacker to fully...

2.1CVSS5.9AI score0.00531EPSS

Tenable Nessus•added 2014/08/27 12:0 a.m.•41 views

Symantec Encryption Desktop 10.x < 10.3.2 MP3 DoS

The version of Symantec Encryption Desktop installed on the remote Mac OS X host is version 10.x prior to 10.3.2 MP3. It is, therefore, affected by a denial of service vulnerability. The flaw is due to a failure to properly limit decompressed file size during the decryption process of a specially...

5CVSS5.5AI score0.01072EPSS

Tenable Nessus•added 2014/08/27 12:0 a.m.•50 views

Symantec Encryption Desktop 10.x < 10.3.2 MP3 DoS

The version of Symantec Encryption Desktop installed on the remote host is version 10.x prior to 10.3.2 MP3. It is, therefore, affected by a denial of service vulnerability. The flaw is due to a failure to properly limit decompressed file size during the decryption process of a specially crafted...

5CVSS5.5AI score0.01072EPSS

The Hacker News•added 2014/08/06 11:4 p.m.•19 views

Free CryptoLocker Ransomware Decryption Tool Released

When I say Ransomware, the first nasty piece of malware strikes in the mind is CryptoLocker. A nasty strain of ransomware malware that threatened most of the people around the world by effectively destroying important files of the victims forever. CRYPTOLOCKER - A DEVASTATING THREAT CryptoLocker ...

6.9AI score

seebug.org•added 2014/07/21 12:0 a.m.•108 views

YXcms伪造cookie绕过验证任一用户登录

简要描述：源代码中有对cookie的加解密函数，可以伪造cookie，而且程序使用cookie进行权限验证，可以实现任一用户登录。详细说明： Protected/apps/members/controller/indexController.php public function login if!$this-isPost//不使用post时 $cookieauth=getcookie'auth';//此时直接从cookie中获取认证信息，我们跟进getcookie函数看能否伪造cookie绕过认证 if!empty$this-auth...

7AI score

Metasploit•added 2014/07/14 8:27 p.m.•44 views

Multi Gather DbVisualizer Connections Settings

DbVisualizer stores the user database configuration in dbvis.xml. This module retrieves the connections settings from this file and decrypts the encrypted passwords. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...

0.2AI score

Kitploit•added 2014/07/03 9:37 p.m.•54 views

Wireshark v1.10.8 - The world’s foremost network protocol analyzer

Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto and often de jure standard across many industries and educational institutions. Wireshark development thrives thanks to the...

4.3CVSS7.7AI score0.01413EPSS

Exploits1

seebug.org•added 2014/07/01 12:0 a.m.•22 views

TotalECommerce <= 1.0 (index.asp id) Remote SQL Injection Exploit

No description provided by source. Original advisory: http://www.nukedx.com/?viewdoc=18 Advisory by: nukedx Full PoC Explotation: GET - http://victim/dir/index.asp?secao=PageID&id=SQL EXAMPLE 1 -...

seebug.org•added 2014/07/01 12:0 a.m.•17 views

libxslt 1.1.x - RC4 Encryption and Decryption Functions Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30467/info The 'libxslt' library is prone to a heap-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker may exploit this issue to execute...

seebug.org•added 2014/07/01 12:0 a.m.•23 views

Computer Associates Unicenter Asset Manager Stored Secret Data Decryption Weakness

No description provided by source. source: http://www.securityfocus.com/bid/7808/info It has been reported that Unicenter Asset Manager stores password information in a way that may be easily recovered. Because of this, an attacker may be able to gain access to potentially sensitive resources...

seebug.org•added 2014/07/01 12:0 a.m.•12 views

Apple Mac OS <= 8 8.6 Weak Password Encryption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/519/info The encryption algorithm in MacOS system is simple and the password can be easily decoded. Password is stored in Users & Groups Data File in Preferences folder. Offset is different on each system and depends on...

seebug.org•added 2014/07/01 12:0 a.m.•23 views

Novell Netware 4.1/4.11 SP5B Remote.NLM Weak Encryption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/482/info The encrypted passwords for Remote.NLM are remotely accessible to anyone with the ability to view SYS:System\LDRemote.NCF. The password encryption algorithm for Remote.NLM has been broken and can be decrypted wit...

seebug.org•added 2014/07/01 12:0 a.m.•20 views

Ipswitch IMail 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 Weak Password Encryption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/880/info IMail keeps the encrypted passwords for email accounts in a registry key, HKLM\SOFTWARE\Ipswitch\Imail\Domains\DomainName\Users\UserName, in a string value called Password. The encryption scheme used is weak and...

seebug.org•added 2014/07/01 12:0 a.m.•22 views

Ultimate PHP Board 1.8/1.9 Weak Password Encryption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13975/info Ultimate PHP Board is prone to a weak password encryption vulnerability. This issue is due to a failure of the application to protect passwords with a sufficiently effective encryption scheme. This issue may...