VulnCheck KEV: CVE-2014-1812

Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate...

mRemote Offline Password Decrypt

mRemote Offline Password Decrypt Based on Metasploit Module enummremotepwds.rb from David Maloney Autor: Adriano Marcio Monteiro E-mail: [email protected] Blog: adrianomarciomonteiro.blogspot.com.br Usage: ruby mRemoteOffPwdsDecrypt.rb confCons.xml require 'rexml/document' require...

Stack overflow

Stack-based buffer overflow in a certain decryption function in qconnDoor on BlackBerry Z10 devices with software 10.1.0.2312, when developer-mode has been previously enabled, allows remote attackers to execute arbitrary code via a crafted packet in a TCP session on a wireless network...

BlackBerry Z 10 Buffer Overflow Vulnerability

BlackBerry Z 10 suffers from a remotely exploitable buffer overflow in qconnDoor. BlackBerry Z 10 Buffer Overflow Vulnerability 1. Timeline --------------------------------------------------------------------- 2013-06-23: Vendor has been contacted. 2013-06-24: Vendor response. 2013-06-27: Vendor...

Mylar - Platform for building secure web applications

Web applications rely on servers to store and process confidential information. However, anyone who gains access to the server e.g., an attacker, a curious administrator, or a government can obtain all of the data stored there. Mylar protects data confidentiality even when an attacker gets full...

Dumb Ransomware Developer leaves Decryption Keys on Infected Computers

So, How do Hackers compromise a Website? Simply by exploiting the flaws in it, that means they took advantage of the error in the developers’ code. Now, this time the hackers itself has left behind a crucial flaw in its malware code which can be exploited by us to help save our computer systems...

CVE-2013-5445

IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key...

Code injection

IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key...

CVE-2013-5445

IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key...

[VNC Password Recovery v2.0] All-in-one VNC Password Decoder Tool

VNC Password Recovery is the FREE software to instantly recover VNC password stored by popular VNC Servers. It automatically detects the encrypted VNC password stored in the file system or registry by various VNC server applications. Then it quickly decrypts it and display the original VNC...

CryptorBit Ransomware that scam for Ransom money with fake Decryption Keys

We are continuously keeping our eye on new variants of the widely spread Ransomware family like Cryptolocker, Prison Locker, Copycat and Locker which encrypts your files and ask for a random amount to decrypt it. If infected by such malware, to be very honest, there is no hope for recovering your...

HP Intelligent Management Center < 7.0 E0102 DES / ECB Weak Decryption Key

The version of HP Intelligent Management Center on the remote host is affected by a vulnerability that could allow an attacker to gain access to administrative credentials. This is due to the fact that a static decryption key is used with DES in ECB mode to store the credentials. %NASLMINLEVEL...

gnupg: RSA secret key recovery via acoustic cryptanalysis

GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not...

Use of 3DES to Encrypt Stolen Target PIN Data Invites Worry

Target Corp.’s admission that encrypted PIN data was stolen in the Black Friday breach was bad news for consumers. For security experts, especially cryptographers, particular exception was taken to the retail giant’s use of Triple DES 3DES encryption to keep the PIN data safe. With all crypto...

[USN-2059-1] GnuPG vulnerability

========================================================================== Ubuntu Security Notice USN-2059-1 December 18, 2013 gnupg vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

Updated gnupg package fixes CVE-2013-4576

Updated gnupg package fixes security vulnerability: Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts CVE-2013-4576...

MGASA-2013-0382 Updated gnupg package fixes CVE-2013-4576

Updated gnupg package fixes security vulnerability: Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts CVE-2013-4576...

Jackie CMS 1.7 commercial version SQL injection vulnerability analysis-vulnerability warning-the black bar safety net

Jackie CMS 1.7 commercial version with the Zend encryption, batch after decryption, found the programmer with several functions, making this system substantially no injection vulnerabilities. In the judgment of ip, the programmers will. The filter then determines whether it is Digital, it is wort...

DSA-2821-1 gnupg - side channel attack

Bulletin has no description...

gnupg -- RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack

Werner Koch reports: CVE-2013-4576 has been assigned to this security bug. The paper describes two attacks. The first attack allows to distinguish keys: An attacker is able to notice which key is currently used for decryption. This is in general not a problem but may be used to reveal the...