5397 matches found

RedHat Linux · added 2013/01/24 6:44 p.m. · 3 views

apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

CVSS 10 · AI score 6.5 · EPSS 0.03752 · Exploits 1 · References 5
RedHat Linux · added 2013/01/24 6:27 p.m. · 3 views

apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

CVSS 10 · AI score 6.5 · EPSS 0.03752 · Exploits 1 · References 5
RedHat Linux · added 2013/01/24 6:7 p.m. · 2 views

apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

CVSS 10 · AI score 6.5 · EPSS 0.03752 · Exploits 1 · References 5
Tenable Nessus · added 2013/01/24 12:0 a.m. · 25 views

AIX 5.3 TL 11 : ftpd (IZ83275)

There is a buffer overflow vulnerability in the ftp server. By issuing an overly long NLST command, an attacker may cause a buffer overflow. The successful exploitation of this vulnerability allows a remote attacker to get the DES encrypted user hashes off the server if FTP is configured to allow...

CVSS 10 · AI score 6 · EPSS 0.79528 · Exploits 1 · References 4
Tenable Nessus · added 2013/01/24 12:0 a.m. · 29 views

RHEL 4 : evolution (RHSA-2008:0178)

Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 4.5 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information...

CVSS 6.8 · AI score 5.7 · EPSS 0.16096 · Exploits 0 · References 3
Tenable Nessus · added 2013/01/24 12:0 a.m. · 34 views

AIX 5.3 TL 9 : ftpd (IZ83252)

There is a buffer overflow vulnerability in the ftp server. By issuing an overly long NLST command, an attacker may cause a buffer overflow. The successful exploitation of this vulnerability allows a remote attacker to get the DES encrypted user hashes off the server if FTP is configured to allow...

CVSS 10 · AI score 6 · EPSS 0.79528 · Exploits 1 · References 4
The Hacker News · added 2013/01/07 7:56 a.m. · 19 views

SkypeHide to Send secret messages into silence of Skype Calls

Polish researchers have discovered a clever way to send secret messages during a phone call on Skype. We know that, by default, Skype calls use 256-bit advanced encryption, but the researchers found that is not enough. So they found this new way to communicate messages more secretly by using silence...

AI score 6.7 · Exploits 0
Positive Technologies · added 2013/01/05 12:0 a.m. · 2 views

PT-2013-1562 · Apache · Apache Cxf

Name of the Vulnerable Software and Affected Versions: Apache CXF versions 2.4.5 through 2.4.7; Apache CXF versions 2.5.1 through 2.5.3; Apache CXF versions 2.6.x before 2.6.1. Description: The issue allows remote attackers to bypass certain policies, including AlgorithmSuite, SignedParts,...

CVSS 4.3 · AI score 9.4 · EPSS 0.04238 · Exploits 0 · References 22
securityvulns · added 2013/01/05 12:0 a.m. · 87 views

Aastra IP Telephone encrypted .tuz configuration file leakage

Aastra IP telephone encrypted .tuz configuration file leakage. Affected products: Aastra 6753i IP Telephone Firmware Version 3.2.2.56 Firmware Release Code SIP Boot Version 2.5.2.1010. Background: "The 6753i fr...

AI score 7.1 · Exploits 0
ThreatPost · added 2013/01/04 4:34 p.m. · 19 views

TURKTRUST Incident Raises Renewed Questions About CA System

The series of missteps and failures that led to a Turkish government-related agency eventually ending up with a valid wild card certificate for Google domains began in June 2011 when the TURKTRUST certificate authority began preparing for an audit of its systems and started moving some certificat...

AI score 7.1 · Exploits 0 · References 9
Check Point Advisories · added 2012/12/30 12:0 a.m. · 0 views

Sophos Anti-Virus PDF Handling Stack Buffer Overflow

A stack buffer overflow vulnerability has been reported in Sophos Anti-Virus and Endpoint Protection. The vulnerability is due to an error when handling encrypted PDF files. A remote attacker can exploit this issue by sending a specially crafted PDF file to an affected user. The vulnerability is...

AI score 8 · Exploits 0
RedHat Linux · added 2012/12/18 10:43 p.m. · 2 views

apache-cxf: Certain child policies of WS-SecurityPolicy 1.1 SupportingToken policy not applied on the client side

Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4)...

CVSS 4.3 · AI score 7.4 · EPSS 0.04238 · Exploits 0 · References 5
RedHat Linux · added 2012/12/18 10:23 p.m. · 1 views

apache-cxf: Certain child policies of WS-SecurityPolicy 1.1 SupportingToken policy not applied on the client side

Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4)...

CVSS 4.3 · AI score 7.4 · EPSS 0.04238 · Exploits 0 · References 5
RedHat Linux · added 2012/12/18 10:23 p.m. · 2 views

apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

CVSS 10 · AI score 6.5 · EPSS 0.03752 · Exploits 1 · References 5
RedHat Linux · added 2012/12/18 10:17 p.m. · 4 views

apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

CVSS 10 · AI score 6.5 · EPSS 0.03752 · Exploits 1 · References 5
RedHat Linux · added 2012/12/18 10:17 p.m. · 2 views

apache-cxf: Certain child policies of WS-SecurityPolicy 1.1 SupportingToken policy not applied on the client side

Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4)...

CVSS 4.3 · AI score 7.4 · EPSS 0.04238 · Exploits 0 · References 5
Kitploit · added 2012/12/17 3:25 p.m. · 12 views

[SET] Social-Engineer Toolkit v4.3 "Turbulence"

The Social-Engineer Toolkit (SET) v4.3 has been released today! This version is over two solid months of development and has over 60 new features, additions, fixes, and enhancements. Most notable is the new payload selection called “Multi-pyInjector”. Multi-pyInjector allows you to inject as many...

AI score 7.2 · Exploits 0
RedHat Linux · added 2012/12/13 12:25 a.m. · 0 views

apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

CVSS 10 · AI score 6.5 · EPSS 0.03752 · Exploits 1 · References 5
seebug.org · added 2012/12/10 12:0 a.m. · 15 views

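Discuz! X series does not clearly distinguish between MD5 and plaintext login

Brief description: On the Discuz! platform, if the password is strong enough, it is very hard to crack once it has been encrypted with md5md5newpw.salt. But have you ever considered that if someone has a database containing the MD5 hash of your password, they can log in directly with the 32-character MD5 ciphertext of your password? Isn't that very insecure? Details: At login, besides your plaintext password, the 32-character MD5 can also be used to log in. If you have someone's 32-character MD5-encrypted password, can't you get in just the same? I have not looked at the specific code, but only the X series has this problem, so it is probably a bug in Ucenter! Proof of vulnerability: Preface: On the Discuz! platform, if the password is strong enough, after md5md5$newpw.$sa...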

AI score 7.1 · Exploits 0
securityvulns · added 2012/12/02 12:0 a.m. · 20 views

TrendMicro DataArmor / DriveArmor multiple security vulnerabilities

Restriction bypass, privilege escalation, encrypted data access...

AI score 2.6 · Exploits 0 · References 2 · Affected Software 2