358 matches found
Netgear WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'time' class MetasploitModule 'NETGEAR WNR2000v5 Unauthenticated hiddenlangavi Stack Overflow', 'Description' = %q The NETGEAR WNR2000 router h...
Phabricator: Differential "Show Raw File" feature exposes generated files to unauthorised users
Summary: In certain circumstances, a user or mongoose can see a file from a diff they should not be able to see due to a policy. Preface: We are an app agency using a private Phabricator instance to manage projects. This issue prevents us from allowing clients to access our instance as they would...
Auditing Web Applications Firewalls: LightBulb
Auditing Web Applications Firewalls LightBulb is an open source python framework for auditing web applications firewalls Web Applications Firewalls WAFs are fundamental building blocks of modern application security. For example, the PCI standard for organizations handling credit card transaction...
Unable to Delete Differential Disks from LVM and ext3 Storages with Error Displayed on XenCenter
Unable to delete differential disks from Logical Volume Manager LVM or ext3 storages. The error message is displayed on XenCenter as "Vdidelete: EXCEPTION SR.SROSError, Failed to mark VDI hidden opterr=error 22 or attempt to mark VDI as hidden failed."...
Binary Analysis IDE: BinDiff
BinDiff is a comparison tool for binary files that helps to quickly find differences and similarities in disassembled code. It is used by security researchers and engineers across the globe to identify and isolate fixes for vulnerabilities in vendor-supplied patches and to analyze multiple versio...
[SECURITY] Fedora 22 Update: octave-3.8.2-19.fc22
GNU Octave is a high-level language, primarily intended for numerical computations. It provides a convenient command line interface for solving linear and nonlinear problems numerically, and for performing other numerical experiments using a language that is mostly compatible with Matlab. It may...
Vuvuzela - Private Messaging System That Hides Metadata
Vuvuzela is a messaging system that protects the privacy of message contents and message metadata. Users communicating through Vuvuzela do not reveal who they are talking to, even in the presence of powerful nation-state adversaries. Our SOSP 2015 paper explains the system, its threat model,...
Private Messaging System: Vuvuzela
Vuvuzela is a messaging system that protects the privacy of message contents and message metadata. Users communicating through Vuvuzela do not reveal who they are talking to, even in the presence of powerful nation-state adversaries. Vuvuzela is the first system that provides strong metadata...
Yokogawa HART Device DTM Vulnerability
OVERVIEW Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library utilized in Yokogawa’s HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which both companies have begun t...
Type74 ED Sensitive Information Disclosure Vulnerability
Type74 ED is a set of file encryption tools. A security vulnerability exists in Type74 ED versions prior to 4.0, which can be exploited to obtain plaintext data by differential cryptanalysis of files with an initial length of less than 128 bits...
AZL-34660 CVE-2015-2987 affecting package ed for versions less than 1.20-1
Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits...
CVE-2015-2987
The CVE-2015-2987 issue affects Type74 ED before 4.0, where 128-bit ECB is misused for small files, enabling plaintext exposure via differential cryptanalysis when the file’s original length is
File Encryption Software "ED" where encrypted data may be easier to decipher when files of small size are encrypted
Overview File encyption software "ED" contains an issue when files of small size are encyrpted, they may become easier to decipher in comparison to when files of a larger size are encrypted. When encrypting small files that are smaller than the block size 128 bits, file encryption software "ED"...
Google Working on Tool to Gather Stats While Preserving Privacy
Google is working on a new system that enables the company to collect randomized information about the way that users are affected by unwanted software on their machines, without gathering identifying data about the users. The system is known as RAPPOR Randomized Aggregatable Privacy-Preserving...
New attack produces quicker SHA-1 collisions
From The H Security Australian researchers have described a new and faster way of provoking collisions of the SHA-1 hash algorithm. With their method, a collision can be found using only 252 attempts. This makes practical attacks feasible and could have an impact on the medium-term use of the...
Fedora Update for dar FEDORA-2007-0904
Check for the Version of dar OpenVAS Vulnerability Test Fedora Update for dar FEDORA-2007-0904 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...
[SECURITY] Fedora 7 Update: dar-2.3.4-1.fc7
DAR is a command line tool to backup a directory tree and files. DAR is able to make differential backups, split them over a set of disks or files of a given size, use compression, filter files or subtrees to be saved or not saved, directly access and restore given files. DAR is also able to hand...
db_owner permissions to give the webshell two point improvement - - the vulnerability warning-the black bar safety net
| the dbowner permissions to give the webshell two point improvement | ---|--- Reduce backup file size, the resulting executable webshell success rate improved a lot The use of a differential backup Adding a parameter WITH DIFFERENTIAL declare @a sysname,@s nvarchar4 0 0 0 select...