
5398 matches found

The Hacker News
added 2013/08/03 4:58 a.m. | 17 views

BREACH decodes HTTPS encrypted data in 30 seconds

A new hacking technique dubbed BREACH can extract login tokens, session ID numbers and other sensitive information from SSL/TLS encrypted web traffic in just 30 seconds. The technique was demonstrated at the Black Hat security conference in Las Vegas (Presentation PDF & Paper) by Gluck along with...

6.9 AI score
Exploits: 0

NVD
added 2013/07/31 1:20 p.m. | 16 views

CVE-2013-4674

Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment...

4.3 CVSS | 5.1 AI score | 0.00387 EPSS
Exploits: 0 | References: 6

Prion
added 2013/07/31 1:20 p.m. | 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment...

4.3 CVSS | 5.5 AI score | 0.00387 EPSS
Exploits: 0 | References: 6 | Affected Software: 2

Cvelist
added 2013/07/31 10:0 a.m. | 14 views

CVE-2013-4674

Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment...

5.1 AI score | 0.00387 EPSS
Exploits: 0 | References: 6

The Hacker News
added 2013/07/28 6:34 p.m. | 7 views

Israel's Verint Systems get a contract from Indian government for interception program

Soon in December this year, India's new surveillance program - Centralized Monitoring System (CMS) will be able to analyze all telecommunications and Internet communications in India by the government and its agencies. This means that everything we say or text over the phone, write, post or browse...

6.5 AI score
Exploits: 0

The Hacker News
added 2013/07/28 7:34 a.m. | 12 views

Israel's Verint Systems get a contract from Indian government for interception program

Soon in December this year, India’s new surveillance program - Centralized Monitoring System (CMS) will be able to analyze all telecommunications and Internet communications in India by the government and its agencies. This means that everything we say or text over the phone, write, post or browse...

6.5 AI score
Exploits: 0

The Hacker News
added 2013/07/21 7:14 a.m. | 8 views

Ubuntu Forums hacked; 2 million user's personal Information compromised

Ubuntuforums.org, the popular Ubuntu Forums site, has posted a message on its index page, informing its near 2 million users that it has suffered a serious security breach. "There has been a security breach on the Ubuntu Forums," reads the page. The site was defaced by a hacker with Twitter handle...

6.7 AI score
Exploits: 0

Cisco
added 2013/07/19 3:48 p.m. | 25 views

Cisco IOS GET VPN Encryption Policy Bypass Vulnerability

A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS could allow traffic to bypass the configured encryption policy. The vulnerability is due to the default, implicit policies set in place to permit Group Domain of Interpretation (GDOI) traffic to flow unencrypted...

5 CVSS | 0.8 AI score | 0.00197 EPSS
Exploits: 0 | References: 1

Prion
added 2013/07/19 2:36 p.m. | 14 views

Default configuration

The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui076...

5 CVSS | 7.3 AI score | 0.00197 EPSS
Exploits: 0 | References: 6

CVE
added 2013/07/18 10:0 p.m. | 43 views

CVE-2013-3436

Cisco IOS GET VPN vulnerable due to default implicit GDOI policy allowing unencrypted traffic on UDP 848, enabling bypass of encryption policy for GMs and KSs. Root cause is the default configuration that permits GDOI flow; exploitation requires access to trusted internal networks. Impact is bypa...

5 CVSS | 7 AI score | 0.00197 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2013/07/18 12:48 p.m. | 14 views

CVE-2013-3404

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1x through 9.11a allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051...

7.5 CVSS | 8.3 AI score | 0.00366 EPSS
Exploits: 0 | References: 2

Prion
added 2013/07/18 12:48 p.m. | 16 views

Sql injection

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1x through 9.11a allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051...

7.5 CVSS | 9 AI score | 0.00366 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2013/07/18 12:0 a.m. | 18 views

CVE-2013-3404

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1x through 9.11a allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051...

8.3 AI score | 0.00366 EPSS
Exploits: 0 | References: 2

Cvelist
added 2013/07/17 10:0 a.m. | 22 views

CVE-2013-3770

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Content Server. NOTE: the previous information is from th...

4.9 AI score | 0.00254 EPSS
Exploits: 0 | References: 7

exploitpack
added 2013/07/16 12:0 a.m. | 19 views

Olive File Manager 1.0.1 iOS - Multiple Vulnerabilities

Olive File Manager 1.0.1 iOS - Multiple Vulnerabilities Title: ====== Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities Date: ===== 2013-07-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1009 VL-ID: ===== 1009 Common Vulnerability Scoring System:...

0.3 AI score
Exploits: 0

Tenable Nessus
added 2013/07/12 12:0 a.m. | 25 views

Oracle Linux 6 : libvirt (ELSA-2011-1197)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-1197 advisory. 0.8.7-18.0.1.el61.1 - Replace docs/et.png in tarball with blank image libvirt-0.8.7-18.el61.1 - debug: Avoid null dereference on uuid lookup api rhbz728546 - Fi...

4 CVSS | 7.2 AI score | 0.03415 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2013/07/12 12:0 a.m. | 17 views

Oracle Linux 5 / 6 : libuser (ELSA-2011-0170)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-0170 advisory. 0.56.13-4 - Correctly mark the LDAP default password value as encrypted CVE-2011-0002 Resolves: 668020 Tenable has extracted the preceding description block...

6.4 CVSS | 5.5 AI score | 0.0227 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2013/07/12 12:0 a.m. | 23 views

Oracle Linux 4 : evolution (ELSA-2008-0177)

From Red Hat Security Advisory 2008:0177 : Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of...

6.8 CVSS | 5.7 AI score | 0.16096 EPSS
Exploits: 0 | References: 2

Vulnerability Lab
added 2013/07/12 12:0 a.m. | 27 views

Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities

Document Title: =============== Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1009 Release Date: ============= 2013-07-12 Vulnerability Laboratory ID VL-ID: ====================================...

0.4 AI score
Exploits: 0

The Hacker News
added 2013/07/11 9:13 p.m. | 7 views

Microsoft handed over encrypted messages key and Skype calls access to NSA

New top secret documents provided by Edward Snowden exposed that Microsoft worked hand-in-hand with the United States government and handed the NSA access to encrypted messages and built a series of backdoors into Outlook.com, Skype, and SkyDrive to ease difficulties in accessing online...

6.5 AI score
Exploits: 0