5410 matches found
Dennis Fisher and Mike Mimoso on Facebook's Security Moves, GitHub's Audit and More
Dennis Fisher and Mike Mimoso discuss Facebook’s moves toward encrypted notifications and SHA-2 usage, the audit of GitHub SSH keys and the awesome OpenSesame garage door hack from Samy Kamkar. Download: digitalunderground206.mp3 Music by Chris Gonsalves...
SysAid Help Desk Database Credentials Disclosure
This module exploits a vulnerability in SysAid Help Desk that allows an unauthenticated user to download arbitrary files from the system. This is used to download the server configuration file that contains the database username and password, which is encrypted with a fixed, known key. This modul...
DEBIAN-CVE-2015-3331
The driverrfc4106decrypt function in arch/x86/crypto/aesni-intelglue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service buffer overflow and system crash or possibly...
CVE-2015-3331
CVE-2015-3331 affects the Linux kernel up to 3.19.2, where __driver_rfc4106_decrypt in arch/x86/crypto/aesni-intel_glue.c mishandles memory locations for encrypted data, enabling a context-dependent attacker to trigger a buffer overflow via a crypto API call (e.g., with a libkcapi test program us...
WordPress Encrypted Blog Plugin <= 0.0.6.2 - Reflected Cross Site Scripting
This plugin is prone to a cross site scripting vulnerability via encryptblogform.php redirectto parameter. Solution Update the plugin...
WordPress Encrypted Blog Plugin <= 0.0.6.2 - Arbitrary Site Redirection
This plugin is prone to an arbitrary site redirection via encryptblogform.php redirectto parameter. Solution Upgrade this plugin...
WordPress Encrypted Blog Plugin <= 0.0.6.2 - Arbitrary Site Redirection
This plugin is prone to an arbitrary site redirection via encryptblogform.php redirectto parameter. Solution Upgrade this plugin...
WordPress Encrypted Blog Plugin <= 0.0.6.2 - Reflected Cross Site Scripting
This plugin is prone to a cross site scripting vulnerability via encryptblogform.php redirectto parameter. Solution Update the plugin...
wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property
It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request...
Grindr v2.1.1 iOS & Account System - Breach Attack
Document Title: =============== Grindr v2.1.1 iOS & Account System - Breach Attack References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1420 Release Date: ============= 2015-05-02 Vulnerability Laboratory ID VL-ID: ==================================== 1420...
Modernize Confluence Backup & Restore
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-37322. panel As a User in all possible roles in order to save time & money and prevent unintended problems caused by the curren...
Google Moving Toward Encrypted Ad Services
Google engineers have spent the last several years moving many of the company’s online services to encrypted links. Gmail is HTTPS by default, and Google search is done over SSL for much of the world. Now the company is working to move its ad-serving and ad-buying platforms to HTTPS, as well...
CVE-2015-3324
The ThinkServer System Manager TSM Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers...
wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property
It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request...
wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property
It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request...
wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property
It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request...
HTTP Suspicious SMB Redirection
A vulnerability has been discovered in the way numerous Windows-based applications follow HTTP redirection messages. By enticing a user to connect to a malicious Web server or by using Man in the Middle techniques, an attacker might cause a vulnerable application to initiate an SMB connection to ...
CVE-2015-1415
The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile /boot/encryption.key, which allows local users to obtain sensitive key information by reading the file...
FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory Information Title: FreeBSD 10.x ZFS encryption.key disclosure CVE-2015-1415 Advisory URL: https://pierrekim.github.io/advisories/CVE-2015-1415.txt.asc Date published: 2015-04-07 Vendors contacted: FreeBSD Release mode: Coordinated release...
Not found the rear door: open source encryption software TrueCrypt security audit-vulnerability warning-the black bar safety net
TrueCrypt is a popular open source file encryption software, which the user includes a large number of“sensitive persons”, such as businessmen, politicians, journalists, and therefore its safety has been well received by the attention. 2 0 1 4 年 5 months, the open source encryption software...