752 matches found
Let's Encrypt Project issues its First Free SSL/TLS Certificate
Last fall the non-profit foundation EFF (Electronic Frontier Foundation) launched an initiative called Let's Encrypt that aimed at providing Free Digital Cryptographic Certificates (TLS) to any website that needs them. Today, Let's Encrypt – a free automated Open-source Certificate Authority (CA) – has...
Let's Encrypt Issues First Cert
Let’s Encrypt, a movement to issue free and automated HTTPS certificates, today hit a major milestone when its first cert went live. The desire to encrypt web-based services has accelerated projects such as Let’s Encrypt, which was announced last November, and promised by the close of this summer...
File Encryption Software "ED" where encrypted data may be easier to decipher when files of small size are encrypted
Overview: File encryption software "ED" contains an issue where, when files of small size are encrypted, they may become easier to decipher in comparison to when files of a larger size are encrypted. When encrypting small files that are smaller than the block size (128 bits), file encryption software "ED"...
Free Encryption Project to issue First SSL/TLS Certificates Next Month
Let's Encrypt, a project that aims to provide a free-of-charge and easier-to-implement way to obtain and use digital cryptographic certificates (SSL/TLS) to secure HTTPS websites, is looking forward to issuing its first digital certificates next month. With Let's Encrypt, any webmaster interested in...
IBM DB2 10.1.x < 10.1.400.770 Information Disclosure (credentialed check)
The version of IBM DB2 installed on the remote host is affected by an information disclosure vulnerability due to an unspecified flaw in the monitoring and audit features. A remote, authenticated attacker can exploit this flaw, via a crafted series of commands, to view passwords in SQL statements...
IBM DB2/DB2 Connect Information Disclosure Vulnerability
IBM DB2 is a large commercial relational database system. An information disclosure vulnerability exists in IBM DB2 and IBM DB2 Connect, where an authenticated remote DB2 user can execute a series of commands to obtain passwords within ENCRYPT/DECRYPT UDF or federated DDL SQL statements via the...
CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy
It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF...
Chrome Plans to Mark All 'HTTP' Traffic as Insecure from 2015
Google is ready to give a New Year gift to Internet users who are concerned about their privacy and security. The Chromium Project's security team has marked all HTTP web pages as insecure and is planning to explicitly and actively inform users that HTTP connections provide no data security...
Let’s Encrypt — A Certificate Authority to Provide Free SSL Certificates for Entire Web
As days pass, encryption is becoming a need for every user online. Many tech giants including Google, Apple and Yahoo! are adopting encryption to give their users the best possible security and privacy, but according to the Electronic Frontier Foundation (EFF), the high-tech Web security should...
EFF, Others Plan to Make Encrypting the Web Easier in 2015
By all accounts, switching web servers over to HTTPS from HTTP has long been viewed as a fickle affair; HTTPS/SSL certificates are expensive and on top of that notoriously cumbersome to install and maintain. A new coalition comprised of The Electronic Frontier Foundation (EFF) and a handful of othe...
CVE-2012-0811
CVE-2012-0811 affects PostfixAdmin (postfixadmin) prior to 2.3.5. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the pw parameter to the pacrypt function when mysql_encrypt is configured, or via unspecified vectors used in backup.php-generated backups. I...
Cloak & Encrypt < 2.0 - Cross-Site Scripting (XSS)
The url-cloak-encrypt WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability...
CVE-2014-4563
Cross-site scripting (XSS) vulnerability in go.php in the URL Cloak & Encrypt (url-cloak-encrypt) plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in go.php in the URL Cloak & Encrypt (url-cloak-encrypt) plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter...
CVE-2014-4563
Affected software: WordPress plugin URL Cloak & Encrypt (url-cloak-encrypt)
NSHC Papyrus 2.0 - Heap Overflow Vulnerability
No description provided by source. !/usr/bin/python Title: NSHC Papyrus Heap Overflow Vulnerability Date: 13\08\2011 Author: wh1ant Software Link: http://file.atfile.com/ftp/data/03/PapyrusSetup.exe Version: 2.0 Tested On: windows XP SP3 South Korea / windows XP SP3 English VMware Workstation CVE...
Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5014/info A buffer overflow vulnerability has been reported in SQL Server 2000. The vulnerability is a result of an unchecked buffer when using the password encrypt procedure. This procedure is used by administrators to...