CVE-2012-4409

Stack-based buffer overflow in the checkfilehead function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption...

CVE-2012-4409

Stack-based buffer overflow in the checkfilehead function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption...

Stack overflow

Stack-based buffer overflow in the checkfilehead function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption...

CVE-2012-4409

The CVE-2012-4409 issue affects MCrypt, specifically mcrypt versions up to and including 2.6.8, due to a flaw in the check_file_head() function (extra.c). A crafted header with long salt data during decryption can trigger a stack-based buffer overflow, enabling a user-assisted remote attacker to ...

Windows 8 Malware Using Google Docs to Target Brazilians

New malware targeting Windows 8 appears to be using Google Docs as a proxy server instead of directly connecting to a command and control C&C server. According to research done by Symantec and discussed in the company’s Security Response blog late last week, a Trojan, Backdoor.Makadocs, targets...

Microsoft Windows IIS FTP Service Information Disclosure Vulnerability (2761226)

This host is missing a moderate security update according to Microsoft Bulletin MS12-073. OpenVAS Vulnerability Test $Id: secpodms12-073.nasl 5346 2017-02-19 08:43:11Z cfi $ Microsoft Windows IIS FTP Service Information Disclosure Vulnerability 2761226 Authors: Rachana Shetty Copyright: Copyright...

Command injection

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...

CVE-2012-3523

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...

Guadeloupe National Domain registrar hacked, Twitter & Google domain credentials leaked

Guadeloupe is a Caribbean island located in the Leeward Islands, in the Lesser Antilles. Today a hacker going by name "UR0B0R0X" claimed to hack into the "Network Information Center Guadeloupe" nic.gp, which is Guadeloupe National Domain registrar having control over domains of big companies like...

Virus conducting DDoS attack from infected systems

Russian anti-virus company Doctor Web is warning users about the malicious program which is helping attackers carry out mass spam mailings and allow attacker to use victim's PC as slave of his DDOS Army. According to researchers from the company they have discovered a Trojan "Trojan.Proxy.23012"...

Default configuration

The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data...

Mandriva Linux Security Advisory : inn (MDVSA-2012:156)

A security issue was identified and fixed in ISC INN : The STARTTLS implementation in INN's NNTP server for readers, nnrpd, before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command tha...

Mandriva Update for inn MDVSA-2012:156 (inn)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

SPDY information disclosure — Mozilla

Security researchers Thai Duong and Juliano Rizzo reported that SPDY's request header compression leads to information leakage, which can allow the extraction of private data such as session cookies, even over an encrypted SSL connection...

Cisco Software Encryption Library Information Disclosure Vulnerability

Cisco software contains a vulnerability that could allow an unauthenticated, remote attacker to access sensitive information on a targeted system. The vulnerability is in the encryption library used by the vulnerable software. This library allows a portion of an encrypted packet to be sent...

[SECURITY] Fedora 17 Update: gnome-keyring-3.4.1-3.fc17

The gnome-keyring session daemon manages passwords and other types of secrets for the user, storing them encrypted with a main password. Applications can use the gnome-keyring library to integrate with the keyrin g...

FreeBSD : inn -- plaintext command injection into encrypted channel (a7975581-ee26-11e1-8bd8-0022156e8794)

INN developers report : Fixed a possible plaintext command injection during the negotiation of a TLS layer. The vulnerability detailed in CVE-2011-0411 affects the STARTTLS and AUTHINFO SASL commands. nnrpd now resets its read buffer upon a successful negotiation of a TLS layer. It prevents...

Default configuration

The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then...

Default configuration

The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack...

CVE-2009-5119

The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack...