5908 matches found
Ultimate PHP Board 1.8/1.9 Weak Password Encryption Vulnerability
source: http://www.securityfocus.com/bid/13975/info Ultimate PHP Board is prone to a weak password encryption vulnerability. This issue is due to a failure of the application to protect passwords with a sufficiently effective encryption scheme. This issue may...
Allaire ColdFusion Server <= 4.0.1 CFCRYPT.EXE Vulnerability
source: http://www.securityfocus.com/bid/275/info A vulnerability in ColdFusion allows pages encrypted with the CFCRYPT.EXE utility to be decrypted. ColdFusion supports the ability to encrypt the CFML templates in an application or component, using the CFCRYPT.E...
NetZero ZeroPort 3.0 Weak Encryption Method Vulnerability
source: http://www.securityfocus.com/bid/1483/info Netzero is a free internet service provider which requires its users to run the application ZeroPort in order to log onto the network. The username and password are stored locally in a text file called id.dat and...
FlashFXP 1.4 User Password Encryption Weakness
source: http://www.securityfocus.com/bid/7499/info FlashFXP uses a trivially reversible algorithm to encrypt FTP user credentials. Local attackers with access to the sites.data may exploit this weakness to gain unauthorized access to FTP user credentials for...
IBM WebSphere 2.0/3.0 ikeyman Weak Encrypted Password Vulnerability
source: http://www.securityfocus.com/bid/1763/info IBM WebSphere ships with a tool called 'ikeyman' that encrypts server certificates/key pairs when the IBM HTTP Server and SSL connections are enabled. Ikeyman stores the password in a stash file which can be...
Ipswitch IMail Server 7/8 Weak Password Encryption Weakness
source: http://www.securityfocus.com/bid/10956/info Ipswitch IMail is reported to use a weak encryption algorithm when obfuscating saved passwords. A local attacker who has the ability to read the encrypted passwords may easily derive the plaintext password if t...
Folder Lock 5.9.5 Weak Password Encryption Local Information Disclosure Vulnerability
source: http://www.securityfocus.com/bid/30766/info Folder Lock is prone to an information-disclosure vulnerability because it stores credentials in an insecure manner. A local attacker can exploit this issue to obtain passwords used by the application, which ma...
Student Decrypts Simplocker Android Ransomware that Encrypts Files
In a previous story, I reported about a new ransomware threat known as Simplocker discovered by researchers at the security firm ESET, targeting Android users in the UK, Switzerland, Germany, India and Russia, for ransom. Simplocker (Android/Simplocker.A) is the latest Android ransomware that has...
AIX OpenSSL Advisory : openssl_advisory9.doc
The version of OpenSSL installed on the remote host is potentially affected by the following remote code execution and denial of service vulnerabilities : - OpenSSL could allow an attacker to cause a buffer overrun situation when an attacker sends invalid DTLS fragments to an OpenSSL DTLS client ...
openSUSE Security Update : mozilla-nss (openSUSE-SU-2013:1539-1)
Mozilla NSS was updated to 3.15.2 (bnc#842979) - Support for AES-GCM ciphersuites that use the SHA-256 PRF - MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs - Add PK11_CipherFinal macro - sizeof() used incorrectly - nssutil_ReadSecmodDB() leaks memory - Allow...
openssl: SSL/TLS MITM vulnerability
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server...
Android Ransomware First to Encrypt Data on Mobile Devices
A strain of ransomware that encrypts data on Android mobile devices, the first of its kind, has spread to 13 countries since it was first spotted less than a month ago. Researchers at Kaspersky Lab today disclosed details on Pletor, an expensive Trojan that popped up on an underground forum selli...
OpenSSL 'ChangeCipherSpec' MiTM Potential Vulnerability
The OpenSSL service on the remote host is potentially vulnerable to a man-in-the-middle (MiTM) attack, based on its response to two consecutive 'ChangeCipherSpec' messages during the incorrect phase of an SSL/TLS handshake. This flaw could allow a MiTM attacker to decrypt or forge SSL messages by...
First Android Ransomware that Encrypts SD Card Files
We have seen cybercriminals targeting PCs with ransomware that encrypts your files or locks down your computer and asks for a ransom to be paid within a specified period of time to unlock it. To deliver ransomware to mobile devices, cybercriminals have already started...
ProtonMail.ch Header Injection / CSRF
Security Advisory. Time Line Vulnerability: Day 05-05-2014, Security Advisory = No response; Days 08 12 19-05-2014, Multiple Advisories = No Response; Day 20-05-2014, Full Disclosure. Alerts summary: CRLF injection/HTTP response splitting...