Design/Logic Flaw

The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server OES allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL...

CVE-2006-0999

The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server OES allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL...

IM Lock protection bypass

Decryptable password is stored in world-readable registry key...

TotalECommerce 1.0 - index.asp?id SQL Injection

TotalECommerce 1.0 - index.asp?id SQL Injection Original advisory: http://www.nukedx.com/?viewdoc=18 Advisory by: nukedx Full PoC Explotation: GET - http://victim/dir/index.asp?secao=PageID&id=SQL EXAMPLE 1 -...

Vulnerability in Crypt::CBC Perl module, versions <= 2.16

Perl Module Security Advisory ------------------------------------------------------------------------------- Title: Crypt::CBC ciphertext weakness when using certain block algorithms Severity: High Versions: All versions = 2.16. Date: 23 February 2006...

MD5 decrypt of the most fast method-vulnerability warning-the black bar safety net

In the I do section management of several forums, whether it is a Black Hawk base in the forum or a non-secure or is the X-Files, always repeat the experience on MD5 hack question post, answer more is really tired, do a rough summary, and then later Refine it. In General, shaped like a...

CVE-2006-0427

Vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords by accessing restricted functionality. Affects BEA WebLogic products with limited confidentiality impact (partial). Exploit details, root cau...

Oracle Transparent Data Encryption master encryption key stored as plaintext

Overview Oracle Transparent Data Encryption master encryption key is stored as plaintext, which could allow an attacker to decrypt and read sensitive information within the database. Description Transparent Data Encryption TDE According to Oracle, Transparent Data Encryption "allows customers to...

CVE-2005-4066

Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCXFTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm...

CVE-2005-4002

WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation...

CVE-2005-4002

CVE-2005-4002 affects WebEOC prior to 6.0.2. The vulnerability arises because the same secret key is used across all installations, enabling anyone with the key to decrypt data from any WebEOC deployment. The available documents do not specify a fixed root cause mechanism beyond the shared-key is...

CVE-2005-4002

WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation...

Challenge bundle document scanner a method-vulnerability warning-the black bar safety net

Since don't know who wrote the one bundled file viewer, file combiner's life。。。。。 Last seen mjbinder and vegetables combined controller will be bundled file viewer to find out, has been just depressed. （Don't know the principles of course depressed indeed not check out but with PEID scan can be...

Crack disc encryption: the DVD of the blockbuster copy to the hard-vulnerability warning-the black bar safety net

A few years ago VCD legitimate popular, we will often VCD, Mpegav directory under the file copy directly to the hard disk, so not only can reduce drive wear and tear, but also to ensure the VCD of smooth playback. Now, when we play a DVD movie when the DVD drive is more busy, if you can spend som...

CVE-2005-3256

The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message...

CVE-2005-3256

The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message...

CVE-2005-3256

The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message...

DEBIAN-CVE-2005-3256

The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message...

CVE-2005-3256

CVE-2005-3256 affects Enigmail, where the key selection dialogue in versions before 0.92.1 can choose a key whose user ID has no additional information. This can lead to encrypting with the wrong public key, potentially enabling disclosure of confidential data. The issue is described in multiple ...

CVE-2005-3256

The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message...